The Good Mobility Suite server must force the display of a warning banner on the mobile device via centrally managed policy.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-53153	GOOD-00-000240	SV-67369r1_rule		Medium

Description
Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of a Good Mobility Suite allows an organization to assign values to security-related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large-scale environment relative to an environment in which each device must be configured separately. The warning banner must be displayed before or immediately after the user successfully unlocks the mobile device or unlocks a secure application where sensitive DoD data is stored: "I've read & consent to terms in IS user agreement." (Wording must be exactly as specified.)

Description

Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of a Good Mobility Suite allows an organization to assign values to security-related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large-scale environment relative to an environment in which each device must be configured separately. The warning banner must be displayed before or immediately after the user successfully unlocks the mobile device or unlocks a secure application where sensitive DoD data is stored: "I've read & consent to terms in IS user agreement." (Wording must be exactly as specified.)

STIG	Date
Good for Enterprise 8.x Security Technical Implementation Guide	2014-08-18

Details

Check Text ( C-54641r1_chk )
Review the Good Mobility Suite server policy configuration to determine the display of a warning banner on the mobile device is being forced. If there are multiple policies, they must all be reviewed. Otherwise, this is a finding.

Fix Text (F-57963r2_fix)
Configure the centrally managed Good Mobility Suite server policy rule to force the display of a warning banner on the mobile device. -Create a Notepad text file, and enter the following and then save as disclaimer.xml (DO NOT DEVIATE FROM BELOW CONTENT) : -Launch the Good Mobile Control Web console and click on the Policies tab -Select a policy set to review and click on the policy -On the left tab, select Compliance Manager and click Add Rule -Select iOS as the Rule Platform - Under Check to run select custom - Enter a Name and Description for your Rule - Under Perform Checks select Rule file and upload your Disclaimer.xml - Click Okay to save the rule to compliance manger - Select the newly created rule and click enable - Click Save to save the Policy

Fix Text (F-57963r2_fix)

Configure the centrally managed Good Mobility Suite server policy rule to force the display of a warning banner on the mobile device.

-Create a Notepad text file, and enter the following and then save as disclaimer.xml (DO NOT DEVIATE FROM BELOW CONTENT) :

-Launch the Good Mobile Control Web console and click on the Policies tab
-Select a policy set to review and click on the policy
-On the left tab, select Compliance Manager and click Add Rule
-Select iOS as the Rule Platform
- Under Check to run select custom
- Enter a Name and Description for your Rule
- Under Perform Checks select Rule file and upload your Disclaimer.xml
- Click Okay to save the rule to compliance manger
- Select the newly created rule and click enable
- Click Save to save the Policy