Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30250 | WIR-MOS-AND-045-06 | SV-39870r1_rule | ECWN-1 | Medium |
Description |
---|
If mitigation actions identified by the Mobile OS device integrity tool are not implemented, DoD data and the enclave could be at risk of being compromised. |
STIG | Date |
---|---|
Android 2.2 (Dell) Security Technical Implementation Guide | 2014-08-26 |
Check Text ( C-38873r1_chk ) |
---|
Determine if mitigation actions recommended by the Android device integrity validation tool, based on scanning results, have been implemented by the site. Interview the IAO and Android Administrator. Review the tool scanning results of the tool that were conducted over the previous 6 months that the site has on file. Select 4-5 site managed Android devices to review. -For each device, have the Android device Administrator show scan logs for each device for the past several months. Find several scans that have identified compromising events, if available. Determine if the site completed recommended mitigation actions. Mark as a finding if mitigation actions were not completed. Note: It is recommended that the site establish a procedure for recording mitigation actions competed for each site managed device. |
Fix Text (F-34017r1_fix) |
---|
Implement required mitigation actions. |