UCF STIG Viewer Logo

Mitigation actions identified by Mobile OS device integrity tool scans on site managed Mobile OS devices must be implemented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30250 WIR-MOS-AND-045-06 SV-39870r1_rule ECWN-1 Medium
Description
If mitigation actions identified by the Mobile OS device integrity tool are not implemented, DoD data and the enclave could be at risk of being compromised.
STIG Date
Android 2.2 (Dell) Security Technical Implementation Guide 2014-08-26

Details

Check Text ( C-38873r1_chk )
Determine if mitigation actions recommended by the Android device integrity validation tool, based on scanning results, have been implemented by the site. Interview the IAO and Android Administrator. Review the tool scanning results of the tool that were conducted over the previous 6 months that the site has on file.
Select 4-5 site managed Android devices to review.
-For each device, have the Android device Administrator show scan logs for each device for the past several months. Find several scans that have identified compromising events, if available. Determine if the site completed recommended mitigation actions.

Mark as a finding if mitigation actions were not completed.

Note: It is recommended that the site establish a procedure for recording mitigation actions competed for each site managed device.
Fix Text (F-34017r1_fix)
Implement required mitigation actions.