
Good Mobility Suite Server (Windows Phone 6.5) Security Technical Implementation Guide


Overview

Date: 2011-10-04
Finding Count (73): CAT I (High): 3, CAT II (Med): 63, CAT III (Low): 7
STIG Description
This STIG provides technical security controls required for the use of the Good Mobility Suite with Windows Phone 6.5 devices in the DoD environment.

Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-24974 High The smartphone management server email system must be set up with the required system components in the required network architecture.
V-24975 High The smartphone management server host-based or appliance firewall must be installed and configured as required.
V-26564 High Authentication on system administration accounts for wireless management servers must be configured.
V-26107 Medium The following Bluetooth configuration must be set as required: Basic Imaging Profile.
V-26132 Medium The following Data Encryption configuration must be set as required: My Music.
V-26104 Medium The following Bluetooth configuration must be set as required: Wireless Application Protocol Bearer.
V-25032 Medium Password access to the Good app on the smartphone must be enabled.
V-24994 Medium Inactivity lock must be set as required for the smartphone security/email client.
V-24995 Medium "Do not allow data to be copied from the Good application" must be checked.
V-26099 Medium The following Bluetooth configuration must be set as required: Dial Up Network Profile.
V-26098 Medium The following Bluetooth configuration must be set as required: Common ISDN Access Profile.
V-24998 Medium The Over-The-Air (OTA) device provisioning PIN must have expiration set.
V-26106 Medium The following Bluetooth configuration must be set as required: Advanced Audio Distribution Profile.
V-24992 Medium Maximum invalid password attempts must be set as required for the smartphone security/email client.
V-24993 Medium Data must be wiped after maximum password attempts reached for the smartphone security/email client.
V-26093 Medium The following Bluetooth configuration must be set as required: General Audio/Video Distribution Profile.
V-26095 Medium The following Bluetooth configuration must be set as required: Serial Port Profile.
V-26094 Medium The following Bluetooth configuration must be set as required: Personal Area Networking Profile.
V-26097 Medium The following Bluetooth configuration must be set as required: Generic Object (Exchange) Profile.
V-26096 Medium The following Bluetooth configuration must be set as required: Enable discovery.
V-26114 Medium The following Bluetooth configuration must be set as required: Video Conferencing Profile.
V-26115 Medium The following Bluetooth configuration must be set as required: Message Access Profile.
V-26116 Medium The following Bluetooth configuration must be set as required: External Service Discovery Profile.
V-26117 Medium The following Bluetooth configuration must be set as required: Device ID Profile.
V-26110 Medium The following Bluetooth configuration must be set as required: Object Push Profile.
V-26111 Medium The following Bluetooth configuration must be set as required: Synchronization Profile.
V-26112 Medium The following Bluetooth configuration must be set as required: Phone Book Access Profile.
V-26113 Medium The following Bluetooth configuration must be set as required: Video Distribution Profile.
V-26150 Medium The following Good Mobile Access configuration must be set as required: Allow internet access on handheld when Good Mobile Access is not running.
V-26122 Medium The following Bluetooth configuration must be set as required: Human Interface Device Profile (Service and Host).
V-26134 Medium The following Data Encryption configuration must be set as required: Personal.
V-26135 Medium Password complexity must be set as required.
V-26118 Medium The following Bluetooth configuration must be set as required: Service Discovery Application Profile.
V-26119 Medium The following Bluetooth configuration must be set as required: Unrestricted Digital Information.
V-26130 Medium The following Data Encryption configuration must be set as required: My Pictures.
V-26102 Medium The following Bluetooth configuration must be set as required: Cordless Telephony Profile.
V-24990 Medium Password minimum length must be set as required for the smartphone security/email client.
V-26101 Medium The following Bluetooth configuration must be set as required: LAN Access Profile.
V-24972 Medium The required smartphone management server or later version must be used.
V-24973 Medium The host server where the smartphone management server is installed must be hardened according to the appropriate Application STIG (SQL, Apache Web Server, Apache Tomcat, IIS, etc.).
V-26100 Medium The following Bluetooth configuration must be set as required: Fax Profile.
V-24978 Medium Smartphone user accounts must not be assigned to the default security/IT policy.
V-26105 Medium The following Bluetooth configuration must be set as required: Active Sync.
V-26129 Medium The following Data Encryption configuration must be set as required: My Music.
V-26109 Medium The following Bluetooth configuration must be set as required: OBEX File Transfer Profile.
V-26151 Medium The following Good Mobile Access configuration must be set as required: Route only Intranet traffic through Good Mobile Access.
V-26152 Medium S/MIME must be enabled on the Good server.
V-26561 Medium “Require CAC to be present” must be set.
V-26560 Medium Either CAC or password authentication must be enabled for user access to the Good app on the smartphone.
V-26108 Medium The following Bluetooth configuration must be set as required: Basic Printing Profile.
V-26133 Medium The following Data Encryption configuration must be set as required: My Pictures.
V-26121 Medium The following Bluetooth configuration must be set as required: HeadSet and Hands Free Profile.
V-26120 Medium The following Bluetooth configuration must be set as required: Audio / Video Remote Control Transport Protocol.
V-26123 Medium The following Bluetooth configuration must be set as required: Hard Copy Cable Replacement Profile.
V-26148 Medium The following Good Mobile Access configuration must be set as required: Require user to authenticate via NTLM.
V-26125 Medium The Infrared radio must be disabled.
V-26124 Medium The following Bluetooth configuration must be set as required: SIM Access.
V-26127 Medium The following Storage Card configuration must be set as required: Enable storage card encryption.
V-26126 Medium The following Storage Card configuration must be set as required: Wipe storage card when wiping data.
V-26149 Medium The following Good Mobile Access configuration must be set as required: Route both Intranet and Internet traffic through Good Mobile Access.
V-26128 Medium The following Storage Card configuration must be set as required: Allow encrypted storage cards to work only with handheld that originally encrypted them.
V-26103 Medium The following Bluetooth configuration must be set as required: Intercom Profile.
V-26131 Medium The following Data Encryption configuration must be set as required: Personal.
V-26146 Medium The following Good Mobile Access configuration must be set as required: Enable Good Mobile Access.
V-26145 Medium A list of Windows Mobile Smartphone blocked apps must be set up on the Good server.
V-26144 Medium A list of Windows Mobile Pocket PC blocked apps must be set up on the Good server.
V-25030 Low If access is enabled to the Good app contacts lists by the smartphone, the list of contact information must be limited.
V-24999 Low OTA Provisioning PIN reuse must not be allowed.
V-24991 Low Repeated password characters must be disallowed for the Good app.
V-25754 Low The PKI digital certificate installed on the wireless email management server must be a DoD PKI-issued certificate.
V-24989 Low Previously used passwords must be disallowed for security/email client on smartphone.
V-24988 Low Handheld password will be set as required.
V-24987 Low “Re-challenge for CAC PIN every” must be set.