The MAM server must manage a list of authorized applications (white list) by device account and by group account.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32769 | WIR-WMS-MAM-03 | SV-43115r1_rule | DCPR-1 | High |
| Description |
|---|
| Application white list enforcement ensures only authorized applications are installed on managed mobile devices. An unauthorized application could contain malware. In addition, the white list feature ensures malware from an email attachment or from a web site has not been installed on the device. |
| STIG | Date |
|---|---|
| Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41103r7_chk ) |
|---|
| Verify the MAM server can manage a list of authorized applications (white list) by device account and by group account. Talk to the site system administrator and have them show this capability exists in the MAM server. Also, review MAM product documentation. Mark as a finding if the MAM server does not have required features and is not configured as required. |
| Fix Text (F-36651r5_fix) |
|---|
| Use a MAM product that can manage a list of authorized applications (white list) by device account and by group account. |