UCF STIG Viewer Logo

Good Mobility Suite Server (Windows Phone 6.5) Security Technical Implementation Guide


Overview

Date Finding Count (73)
2011-10-04 CAT I (High): 3 CAT II (Med): 63 CAT III (Low): 7
STIG Description
This STIG provides technical security controls required for the use of the Good Mobility Suite with Windows Phone 6.5 devices in the DoD environment.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-24974 High The smartphone management server email system must be set up with the required system components in the required network architecture.
V-24975 High The smartphone management server host-based or appliance firewall must be installed and configured as required.
V-26564 High Authentication on system administration accounts for wireless management servers must be configured.
V-26107 Medium The following Bluetooth configuration must be set as required: Basic Imaging Profile.
V-26132 Medium The following Data Encryption configuration must be set as required: My Music.
V-26104 Medium The following Bluetooth configuration must be set as required: Wireless Application Protocol Bearer.
V-25032 Medium Password access to the Good app on the smartphone must be enabled.
V-24994 Medium Inactivity lock must be set as required for the smartphone security/email client.
V-24995 Medium "Do not allow data to be copied from the Good application" must be checked.
V-26099 Medium The following Bluetooth configuration must be set as required: Dial Up Network Profile.
V-26098 Medium The following Bluetooth configuration must be set as required: Common ISDN Access Profile.
V-24998 Medium The Over-The-Air (OTA) device provisioning PIN must have expiration set.
V-26106 Medium The following Bluetooth configuration must be set as required: Advanced Audio Distribution Profile.
V-24992 Medium Maximum invalid password attempts must be set as required for the smartphone security/email client.
V-24993 Medium Data must be wiped after maximum password attempts reached for the smartphone security/email client.
V-26093 Medium The following Bluetooth configuration must be set as required: General Audio/Video Distribution Profile.
V-26095 Medium The following Bluetooth configuration must be set as required: Serial Port Profile.
V-26094 Medium The following Bluetooth configuration must be set as required: Personal Area Networking Profile.
V-26097 Medium The following Bluetooth configuration must be set as required: Generic Object (Exchange) Profile.
V-26096 Medium The following Bluetooth configuration must be set as required: Enable discovery.
V-26114 Medium The following Bluetooth configuration must be set as required: Video Conferencing Profile.
V-26115 Medium The following Bluetooth configuration must be set as required: Message Access Profile.
V-26116 Medium The following Bluetooth configuration must be set as required: External Service Discovery Profile.
V-26117 Medium The following Bluetooth configuration must be set as required: Device ID Profile.
V-26110 Medium The following Bluetooth configuration must be set as required: Object Push Profile.
V-26111 Medium The following Bluetooth configuration must be set as required: Synchronization Profile.
V-26112 Medium The following Bluetooth configuration must be set as required: Phone Book Access Profile.
V-26113 Medium The following Bluetooth configuration must be set as required: Video Distribution Profile.
V-26150 Medium The following Good Mobile Access configuration must be set as required: Allow internet access on handheld when Good Mobile Access is not running.
V-26122 Medium The following Bluetooth configuration must be set as required: Human Interface Device Profile (Service and Host).
V-26134 Medium The following Data Encryption configuration must be set as required: Personal.
V-26135 Medium Password complexity must be set as required.
V-26118 Medium The following Bluetooth configuration must be set as required: Service Discovery Application Profile.
V-26119 Medium The following Bluetooth configuration must be set as required: Unrestricted Digital Information.
V-26130 Medium The following Data Encryption configuration must be set as required: My Pictures.
V-26102 Medium The following Bluetooth configuration must be set as required: Cordless Telephony Profile.
V-24990 Medium Password minimum length must be set as required for the smartphone security/email client.
V-26101 Medium The following Bluetooth configuration must be set as required: LAN Access Profile.
V-24972 Medium The required smartphone management server or later version must be used.
V-24973 Medium The host server where the smartphone management server is installed must be hardened according to the appropriate Application STIG (SQL, Apache Web Server, Apache Tomcat, IIS, etc.).
V-26100 Medium The following Bluetooth configuration must be set as required: Fax Profile.
V-24978 Medium Smartphone user accounts must not be assigned to the default security/IT policy.
V-26105 Medium The following Bluetooth configuration must be set as required: Active Sync.
V-26129 Medium The following Data Encryption configuration must be set as required: My Music.
V-26109 Medium The following Bluetooth configuration must be set as required: OBEX File Transfer Profile.
V-26151 Medium The following Good Mobile Access configuration must be set as required: Route only Intranet traffic through Good Mobile Access.
V-26152 Medium S/MIME must be enabled on the Good server.
V-26561 Medium “Require CAC to be present” must be set.
V-26560 Medium Either CAC or password authentication must be enabled for user access to the Good app on the smartphone.
V-26108 Medium The following Bluetooth configuration must be set as required: Basic Printing. Profile.
V-26133 Medium following Data Encryption configuration must be set as required: My Pictures.
V-26121 Medium The following Bluetooth configuration must be set as required: HeadSet and Hands Free Profile.
V-26120 Medium The following Bluetooth configuration must be set as required: Audio / Video Remote Control Transport Protocol.
V-26123 Medium The following Bluetooth configuration must be set as required: Hard Copy Cable Replacement Profile.
V-26148 Medium The following Good Mobile Access configuration must be set as required: Require user to authenticate via NTLM.
V-26125 Medium The Infrared radio must be disabled.
V-26124 Medium The following Bluetooth configuration must be set as required: SIM Access.
V-26127 Medium The following Storage Card configuration must be set as required: Enable storage card encryption.
V-26126 Medium The following Storage Card configuration must be set as required: Wipe storage card when wiping data.
V-26149 Medium The following Good Mobile Access configuration must be set as required: Route both Intranet and Internet traffic through Good Mobile Access.
V-26128 Medium The following Storage Card configuration must be set as required: Allow encrypted storage cards to work only with handheld that originally encrypted them.
V-26103 Medium The following Bluetooth configuration must be set as required: Intercom Profile.
V-26131 Medium The following Data Encryption configuration must be set as required: Personal.
V-26146 Medium The following Good Mobile Access configuration must be set as required: Enable Good Mobile Access.
V-26145 Medium A list of Windows Mobile Smartphone blocked apps must be set up on the Good server.
V-26144 Medium A list of Windows Mobile Pocket PC blocked apps must be set up on the Good server.
V-25030 Low If access is enabled to the Good app contacts lists by the smartphone, the list of contact information must be limited.
V-24999 Low OTA Provisioning PIN reuse must not be allowed.
V-24991 Low Repeated password characters must be disallowed for the Good app.
V-25754 Low The PKI digital certificate installed on the wireless email management server must be a DoD PKI-issued certificate.
V-24989 Low Previously used passwords must be disallowed for security/email client on smartphone.
V-24988 Low Handheld password will be set as required.
V-24987 Low “Re-challenge for CAC PIN every” must be set.