UCF STIG Viewer Logo

Good for Enterprise 8.x Security Technical Implementation Guide


Overview

Date Finding Count (65)
2014-08-18 CAT I (High): 6 CAT II (Med): 51 CAT III (Low): 8
STIG Description
Developed by Good Technology in coordination with DISA for the DoD.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-53027 High The Good Mobility Suite server must accept alerts from the mobile operating system when the mobile OS has detected integrity check failures.
V-53099 High The Good Mobility Suite must transfer audit logs from managed mobile devices to the Good Mobility Suite.
V-53057 High The Good Mobility Suite server application white list for managed mobile devices must be set to Deny All by default when no applications are listed.
V-53031 High The Good Mobility Suite server must detect and report the version of the operating system, device drivers, and application software for managed mobile devices.
V-53029 High The Good Mobility Suite server must perform required actions when a security-related alert is received.
V-53019 High The Good Mobility Suite must implement separation of administrator duties by requiring a specific role to be assigned to each administrator account.
V-53107 Medium The Good Mobility Suite email client must give the user the option to deny acceptance of a certificate if the certificate was issued by an untrusted certificate authority.
V-53069 Medium The Good Mobility Suite server must disable iOS Allow documents from managed apps in unmanaged apps via centrally managed policy.
V-53105 Medium The Good Mobility Suite email client must alert the user if it receives a public-key certificate issued from an untrusted certificate authority.
V-53145 Medium The Good Mobility Suite server must disable the mobile device users access to an application store or repository via centrally managed policy.
V-53127 Medium The Good Mobility Suite email client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate uses a non-FIPS approved algorithm.
V-53129 Medium The Good Mobility Suite email client must alert the user if it receives an unverified public-key certificate.
V-53061 Medium The Good Mobility Suite server must enable iOS Force encrypted backups via centrally managed policy.
V-53063 Medium The Good Mobility Suite server must disable iOS Allow diagnostic data to be sent to Apple via centrally managed policy.
V-53149 Medium The Good Mobility Suite server must block access to specific web sites via centrally managed policy.
V-53109 Medium The Good Mobility Suite email client must alert the user if it receives an invalid public-key certificate.
V-53067 Medium The Good Mobility Suite server must disable iOS Allow documents from unmanaged apps in managed apps via centrally managed policy.
V-53135 Medium The Good Mobility Suite must enforce the minimum password length for the device unlock password via centrally managed policy.
V-53125 Medium The Good Mobility Suite email client must alert the user if it receives a public-key certificate with a non-FIPS approved algorithm.
V-53065 Medium The Good Mobility Suite server must disable iOS Auto-fill via centrally managed policy.
V-53253 Medium The Good Mobility Suite email client must give the user the option to deny acceptance of a certificate if the mobile email client determines the CRL of the certificate is unverified.
V-53055 Medium The Good Mobility Suite server must prohibit the mobile device user from installing unapproved applications on the mobile device.
V-53251 Medium The Good Mobility Suite email client must alert the user if the certificate uses an unverified CRL.
V-53143 Medium The Good Mobility Suite server must set the device inactivity timeout grace period to be immediate via centrally managed policy.
V-53051 Medium The Good Mobility Suite server must specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user.
V-53053 Medium The Good Mobility Suite server must configure the mobile device agent to prohibit the download of software from a non-DoD approved source.
V-53091 Medium The Good Mobility Suite server must disable iOS photo streams via centrally managed policy.
V-53093 Medium The Good Mobility Suite server must disable iOS shared photo streams via centrally managed policy.
V-53059 Medium The Good Mobility Suite server must configure the Good Mobility Suite agent to prohibit the download of applications on mobile operating system devices without system administrator control.
V-53037 Medium The Good Mobility Suite email client must provide the mobile device user the capability to decrypt incoming email messages using software- or hardware-based digital certificates.
V-53035 Medium The Good Mobility Suite email client must provide a mechanism to provide certificate validation through a trusted OCSP, CRL, or SCVP.
V-53117 Medium The Good Mobility Suite email client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is unverified.
V-53111 Medium The Good Mobility Suite email client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is invalid.
V-53073 Medium The Good Mobility Suite server must disable the iOS Today View in lock screen via centrally managed policy.
V-53137 Medium The Good Mobility Suite server must set the device inactivity timeout to 15 minutes via centrally managed policy.
V-53071 Medium The Good Mobility Suite server must disable iOS Touch ID to unlock device via centrally managed policy.
V-53153 Medium The Good Mobility Suite server must force the display of a warning banner on the mobile device via centrally managed policy.
V-53077 Medium The Good Mobility Suite server must disable the iOS notification center in lock screen via centrally managed policy.
V-53133 Medium The Good Mobility Suite must be configured to provide the administrative functionality to transmit a remote Data Wipe command, including removable media cards, to a managed mobile device.
V-53039 Medium The Good Mobility Suite email client must provide the mobile device user the capability to digitally sign and encrypt outgoing email messages using software- or hardware-based digital certificates.
V-53075 Medium The Good Mobility Suite server must disable iOS Airdrop via centrally managed policy.
V-53157 Medium The Good Mobility Suite server must enable a Good Mobility Suite agent password via centrally managed policy.
V-53087 Medium The Good Mobility Suite server must disable iOS iCloud backup via centrally managed policy.
V-53085 Medium The Good Mobility Suite server must disable iOS iCloud documents and data via centrally managed policy.
V-53083 Medium The Good Mobility Suite server must enable iOS force limited ad tracking via centrally managed policy.
V-53155 Medium The Good Mobility Suite server must set the number of incorrect password attempts before a data wipe procedure is initiated to 10 via centrally managed policy.
V-53081 Medium The Good Mobility Suite server must disable iOS Siri while the device is locked via centrally managed policy.
V-53079 Medium The Good Mobility Suite server must disable iOS voice dialing via centrally managed policy.
V-53095 Medium The Good Mobility Suite server must disable iOS screenshots via centrally managed policy.
V-53089 Medium The Good Mobility Suite server must disable iOS iCloud keychain sync via centrally managed policy.
V-53165 Medium The Good Mobility Suite server must disable the automatic removal of the iOS configuration profile via centrally managed policy.
V-53167 Medium The Good Mobility Suite server must disable the use of simple values within the iOS Good Mobility Server agent password via centrally managed policy.
V-53041 Medium The Good Mobility Suite email client must set the Smart Card or Certificate Store Password caching timeout period to 120 minutes.
V-53161 Medium The Good Mobility Suite server must enable the Good Mobility Suite agent password length to be six or more characters.
V-53163 Medium The Good Mobility Suite must set the Good Mobility Suite agent inactivity timeout to 15 minutes via centrally managed policy.
V-53045 Medium The Good Mobility Suite email client must be capable of providing S/MIME v3 (or later version) encryption of email.
V-53049 Medium The Good Mobility Suite server must disable copying data from inside a security container to a non-secure data area on a mobile device via centrally managed policy.
V-53103 Low The Good Mobility Suite email client must give the user the option to deny acceptance of a certificate if it cannot verify the certificates revocation status.
V-53101 Low The Good Mobility Suite email client must notify the user if it cannot verify the revocation status of the certificate.
V-53097 Low The Good Mobility Suite email client must either block or convert all active content in email (HTML, RTF, etc.) to text before the email is forwarded to the mobile device.
V-53115 Low The Good Mobility Suite email client must verify all digital certificates in the certificate chain when performing PKI transactions.
V-53033 Low The Good Mobility Suite email client must support retrieving encryption certificates not stored in the local trust anchor store for S/MIME purposes.
V-53113 Low The Good Mobility Suite email client must not accept certificate revocation information without verifying its authenticity.
V-53043 Low The Good Mobility Suite email client S/MIME must be fully interoperable with DoD PKI and CAC/PIV. CAC/PIV (hard token) and PKCS#12 (soft token) certificate stores must be supported.
V-53047 Low The Good Mobility Suite email client must restrict contact list data elements transferred to the phone application.