The Good Mobility Suite email client must be capable of providing S/MIME v3 (or later version) encryption of email.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-53045 | GOOD-00-000560 | SV-67261r1_rule | Medium |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case, S/MIME is the required mechanism for encryption of email. |
| STIG | Date |
|---|---|
| Good for Enterprise 8.x Security Technical Implementation Guide | 2014-08-18 |
Details
| Check Text ( C-54549r1_chk ) |
|---|
| Review the Good Mobility Suite server configuration to verify the mobile email client provides S/MIME v3 (or later version) encryption of email. Otherwise, this is a finding. |
| Fix Text (F-57855r2_fix) |
|---|
| Configure the Good Mobility Suite server to provide S/MIME v3 (or later version) encryption of email. -Launch the Good Mobile Control Web console and click on the Settings tab -On the left side, select Secure Messaging (S/MIME) -Verify Enable Secure Messaging (S/MIME) is checked and the LDAP and OCSP URL values are configured properly -Click on Save and proceed to the Policies tab -Select the policy set for the smart phone and select Good For Enterprise Authentication -Verify Enable S/MIME is checked Optional: To enable CAC/PIV (hard token), ensure Good Vault is selected; otherwise, soft token will be the default. |