The MAM server must prevent unauthorized and unintended access to shared system resources by applications on managed mobile devices.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32773	WIR-WMS-MAM-07	SV-43119r1_rule	ECWN-1	Medium

Description
Applications on mobile devices must be prohibited from performing insecure actions on the device, including reading data from another application's memory space, accessing the contacts list and sending emails to all contacts in the list, turning on the device microphone and recording nearby conversations without user awareness, and sending device data to a non-DoD server. The primary way to stop these types of actions is to assign device resource access permissions when the application is installed. The MAM must support this capability.

Description

Applications on mobile devices must be prohibited from performing insecure actions on the device, including reading data from another application's memory space, accessing the contacts list and sending emails to all contacts in the list, turning on the device microphone and recording nearby conversations without user awareness, and sending device data to a non-DoD server. The primary way to stop these types of actions is to assign device resource access permissions when the application is installed. The MAM must support this capability.

STIG	Date
Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG)	2012-07-20

Details

Check Text ( C-41106r4_chk )
Verify the MAM server prevents unauthorized and unintended access to shared system resources by applications on managed mobile devices. Talk to the site system administrator and have them show this capability exists in the MAM server as is enabled. Also, review MAM product documentation. Mark as a finding if the MAM server does not have required features.

Fix Text (F-36654r2_fix)
Use a MAM product that prevents unauthorized and unintended access to shared system resources by applications on managed mobile devices and enable the feature.