Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32767 | WIR-WMS-MAM-01 | SV-43113r1_rule | DCSQ-1 | Medium |
Description |
---|
Applications installed on the device must come from approved sources to ensure the security baseline of the device is not compromised by the application, otherwise sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. If the MAM obtains applications from unauthorized sources, the application could contain malware and modify the security baseline of the mobile device, which may result in the exposure of sensitive DoD data. |
STIG | Date |
---|---|
Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Check Text ( C-41101r4_chk ) |
---|
The MAM server must only host DoD approved applications. Verify the MAM server can obtain applications from a DoD-managed application store. Talk to the site system administrator and have them show this capability exists in the MAM server. Also, review MAM product documentation. Note: It may be possible that a DoD app store includes some or all MAM server requirements. If all required MAM functions are found in the DoD app store, this check is not applicable. Mark as a finding if the MAM server does not have required features. |
Fix Text (F-36649r2_fix) |
---|
Use an MAM product that is able to obtain applications from a DoD-managed application store. |