The MAM server must be configured to prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32770 | WIR-WMS-MAM-04 | SV-43116r1_rule | DCPR-1 | Medium |
| Description |
|---|
| Some required applications are used to implement required security controls, which affect the security baseline of the device. If the security baseline is not maintained, sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. |
| STIG | Date |
|---|---|
| Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41104r7_chk ) |
|---|
| Interview the IAM/IAO and obtain a list of required applications. These are applications that must be present on managed devices. Note the list of applications may be different for different groups of users. Verify the MAM server has been configured to prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed. Talk to the site system administrator and have them show this capability has been configured on the MAM server. Also, review MAM product documentation. Mark as a finding if the MAM server is not configured to prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed. Note that it also a finding if the MAM server does not have required capabilities. |
| Fix Text (F-36652r4_fix) |
|---|
| Configure the MAM server to prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed. |