
The MAM server must take predefined actions if unapproved applications are found after a scan of managed mobile devices.


Overview

Finding ID: V-34417
Version: WIR-WMS-MAM-06
Rule ID: SV-45051r1_rule
IA Controls: ECAT-1
Severity: High
Description
An unauthorized application could contain malware or be a malware application. If the malware is not removed in a timely manner, DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised.
STIG Date
Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text (C-42428r2_chk)
Note: For some implementations, this requirement may be accomplished by the MDM server rather than the MAM server. If that is the case for the system under review, perform the following procedure for the MDM server:

- Verify the MAM server is configured so that, if a finding occurs during a scan, the server alerts the system administrator and disables or isolates unauthorized applications.

- Verify the MAM server can be configured by the system administrator to automatically delete unauthorized applications or wipe the mobile device after an unauthorized application is found. (These are optional settings that are recommended, but not required to be set by the system administrator.)

- Talk to the site system administrator and have them demonstrate that these capabilities exist in the MAM server. Also, review MAM product documentation.

Mark as a finding if the MAM server does not have the required features.
Fix Text (F-38462r1_fix)
Use a MAM product that takes predefined actions if unapproved applications are found on managed mobile devices after a scan.