
The Good Mobility Suite email client must verify all digital certificates in the certificate chain when performing PKI transactions.


Overview

Finding ID: V-53115
Version: GOOD-00-000110
Rule ID: SV-67331r1_rule
IA Controls: (none listed)
Severity: Low
Description
If an adversary is able to compromise one of the certificates in the certificate chain, the adversary may be able to sign lower-level certificates in the chain. This would enable the adversary to masquerade as other users or systems. By providing the mobile user with such false assurance, the adversary may be able to obtain DoD information, capture authentication credentials, and perform other unauthorized functions. Verifying all digital certificates in the chain mitigates this risk.
STIG: Good for Enterprise 8.x Security Technical Implementation Guide
Date: 2014-08-18

Details

Check Text (C-54619r1_chk)
Review the Good Mobility Suite configuration to verify the mobile email client verifies all digital certificates in the certificate chain (user, intermediate, and root) when performing PKI transactions. Otherwise, this is a finding.
Fix Text (F-57925r2_fix)
Configure the Good Mobility Suite to verify all digital certificates in the certificate chain (user, intermediate, and root) when performing PKI transactions.

- Launch the Good Mobile Control Web console, select the Settings tab, and open the Secure Messaging (S/MIME) section
- Verify Enable Secure Messaging (S/MIME) is checked
- In addition, click on the Policies tab
- Select the policy set for the smart phone and click on Good For Enterprise Authentication
- Verify Enable S/MIME is checked