UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MAM server must be able to obtain applications from a DoD- managed application store.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32767 WIR-WMS-MAM-01 SV-43113r1_rule DCSQ-1 Medium
Description
Applications installed on the device must come from approved sources to ensure the security baseline of the device is not compromised by the application, otherwise sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. If the MAM obtains applications from unauthorized sources, the application could contain malware and modify the security baseline of the mobile device, which may result in the exposure of sensitive DoD data.
STIG Date
Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41101r4_chk )
The MAM server must only host DoD approved applications.
Verify the MAM server can obtain applications from a DoD-managed application store. Talk to the site system administrator and have them show this capability exists in the MAM server. Also, review MAM product documentation.
Note: It may be possible that a DoD app store includes some or all MAM server requirements. If all required MAM functions are found in the DoD app store, this check is not applicable.

Mark as a finding if the MAM server does not have required features.
Fix Text (F-36649r2_fix)
Use an MAM product that is able to obtain applications from a DoD-managed application store.