The MAM server must be able to obtain applications from a DoD managed application store.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32767 | WIR-WMS-MAM-01 | SV-43113r1_rule | DCSQ-1 | Medium |
| Description |
|---|
| Applications installed on the device must come from approved sources to ensure the security baseline of the device is not compromised by the application, otherwise sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. |
| STIG | Date |
|---|---|
| Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41101r3_chk ) |
|---|
| Verify the MAM server can obtain applications from a DoD managed application store. Talk to the site system administrator and have them show this capability exists in the MAM server. Also, review MAM product documentation. Mark as a finding if the MAM server does not have required features. |
| Fix Text (F-36649r1_fix) |
|---|
| Use an MAM product that is able to obtain applications from a DoD managed application store. |