The Good Mobility Suite server application white list for managed mobile devices must be set to Deny All by default when no applications are listed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-53057 | GOOD-00-000500 | SV-67273r1_rule | High |
| Description |
|---|
| The installation and execution of unauthorized software on an operating system may allow the application to obtain sensitive information or further compromise the system. If the system administrator has control over what applications are downloaded, then the system administrator can check that only known good programs are installed, which significantly mitigates the risk posed by malicious software. |
| STIG | Date |
|---|---|
| Good for Enterprise 8.x Security Technical Implementation Guide | 2014-08-18 |
Details
| Check Text ( C-54561r1_chk ) |
|---|
| Review the Good Mobility Suite server configuration to determine if the Good Mobility Suite application white list for managed mobile devices is set to "Deny All" by default when no applications are listed. Otherwise, this is a finding. |
| Fix Text (F-57867r2_fix) |
|---|
| Configure the Good Mobility Suite application white list for managed mobile devices to "Deny All" by default when no applications are listed. -Launch the Good Mobile Control Web console and click on the Policies tab -Select the policy set for the smart phone and select the Compliance Manager tab -Verify An iOS rule Exists with the 'Application Exceptions' rule type and is set to enabled -select Edit for the iOS rule -Verify Trust only these applications is Selected -verify only allowed applications are added to the "Apps Selected' list |