UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MAM server must scan the list of installed applications on managed mobile devices every 6 hours or less to determine if unapproved applications are installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32771 WIR-WMS-MAM-05 SV-43117r1_rule ECAT-1 High
Description
An unauthorized application could contain malware or be a malware application.
STIG Date
Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41105r8_chk )
Note: For some implementations, this requirement may be accomplished by the MDM server rather than the MAM server. If that is the case for the system under review, perform the following procedure for the MDM server instead of the MAM server:

-Verify the MAM server scans the list of installed applications on managed mobile devices on a predefined periodic basis (at least every 6 hours). The MAM server must be able to scan for both managed and unmanaged applications in both work and non-work environments on the device (if the device supports more than one environment).

-Talk to the site system administrator and have them show these capabilities exist in the MAM server. Also, review MAM product documentation.

Mark as a finding if the MAM server does not have required features.
Fix Text (F-36653r4_fix)
Use a MAM product that scans the list of installed applications on managed mobile devices on a predefined periodic basis.