The MAM server must prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32770 | WIR-WMS-MAM-04 | SV-43116r1_rule | DCPR-1 | Medium |
| Description |
|---|
| Some required applications are used to implement required security controls, which affect the security baseline of the device. If the security baseline is not maintained sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. |
| STIG | Date |
|---|---|
| Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41104r4_chk ) |
|---|
| Verify the MAM server can prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed. Verify the MAM is configured to prohibit the removal of required applications on site managed mobile devices. Talk to the site system administrator and have them show this capability exists in the MAM server. Also, review MAM product documentation. Mark as a finding if the MAM server does not have required features and is not configured as required. |
| Fix Text (F-36652r2_fix) |
|---|
| Use a MAM product that is able to prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed. Configure the MAM to prohibit the removal of required applications on site managed mobile devices. |