The MAM server must scan the list of installed applications on managed mobile devices on a predefined periodic basis and take a predefined action if unapproved applications are found.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32771	WIR-WMS-MAM-05	SV-43117r1_rule	ECAT-1	High

Description
An unauthorized application could contain malware or be a malware application. If the malware is not removed in a timely manner, DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised.

STIG	Date
Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG)	2012-07-20

Details

Check Text ( C-41105r5_chk )
Note: For some implementations, this requirement may be accomplished by the MDM server rather than the MAM server. If that is the case for the system under review, perform the following procedure for the MDM server. -Verify the MAM server scans the list of installed applications on managed mobile devices on a predefined periodic basis (at least every 6 hours) and takes a predefined action if unapproved applications are found. The MAM server must be able to scan for both managed and unmanaged applications in both a work and non-work environments on the device (if the device supports more than one environment). -Verify the MAM is configured so if a finding occurs during a scan, the MAM alerts the system administrator and disables or isolates unauthorized applications. -Verify the MAM has the capability to be configured by the system administrator to automatically delete unauthorized applications or wipe the mobile device after an unauthorized application is found (these are optional settings that are recommended but not required to be set by the system administrator). -Talk to the site system administrator and have them show these capabilities exist in the MAM server. Also, review MAM product documentation. Mark as a finding if the MAM server does not have required features.

Check Text ( C-41105r5_chk )

Note: For some implementations, this requirement may be accomplished by the MDM server rather than the MAM server. If that is the case for the system under review, perform the following procedure for the MDM server.

-Verify the MAM server scans the list of installed applications on managed mobile devices on a predefined periodic basis (at least every 6 hours) and takes a predefined action if unapproved applications are found. The MAM server must be able to scan for both managed and unmanaged applications in both a work and non-work environments on the device (if the device supports more than one environment).

-Verify the MAM is configured so if a finding occurs during a scan, the MAM alerts the system administrator and disables or isolates unauthorized applications.

-Verify the MAM has the capability to be configured by the system administrator to automatically delete unauthorized applications or wipe the mobile device after an unauthorized application is found (these are optional settings that are recommended but not required to be set by the system administrator).

-Talk to the site system administrator and have them show these capabilities exist in the MAM server. Also, review MAM product documentation.

Mark as a finding if the MAM server does not have required features.

Fix Text (F-36653r3_fix)
Use a MAM product that scans the list of installed applications on managed mobile devices on a predefined periodic basis and takes predefined actions if unapproved applications are found.