
The mobile app must utilize ports or protocols in a manner consistent with DoD Ports and Protocols guidance.


Overview

Finding ID: SRG-APP-000142-MAPP-000032
Version: SRG-APP-000142-MAPP-000032
Rule ID: SRG-APP-000142-MAPP-000032_rule
IA Controls: (none listed)
Severity: Medium
Description
Failure to comply with the DoD Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and associated vulnerability assessments may result in compromise of mobile protections or functionality of the app. Incorrectly used ports leave the app and device exposed to attacks that exploit ports that are open, unused, and unprotected. This control ensures that all application ports, protocols, and services needed for the app's operation comply with the DoD PPSM guidance. Implementing this control also mitigates the threat of malicious exploitation of open and unprotected ports, which can lead to data integrity and confidentiality risks.
STIG: Mobile Application Security Requirements Guide
Date: 2014-07-22

Details

Check Text (C-SRG-APP-000142-MAPP-000032_chk)
Perform a documentation review to assess all necessary ports, services, and protocols needed for the app's operation. Next, conduct a static analysis to assess which ports are open, which services are used, and which protocols are available during the operation of the app. If a static analysis is not feasible, conduct a dynamic program analysis in conjunction with port scanning or protocol analysis tools to determine how the app uses network ports. Next, review the documentation at the following URL: http://iase.disa.mil/ports/index.html
Compare the findings of the above two documents and the static analysis results to assess whether the ports, protocols, and services are in compliance with the Ports, Protocols, and Services Management (PPSM) guidance, available at the above URL. If the documentation review and/or the static program analysis reveal that the app is not in compliance with DoD Ports and Protocols guidance, this is a finding.
Fix Text (F-SRG-APP-000142-MAPP-000032_fix)
Configure or code the mobile app so that it uses ports and protocols in accordance with the DoD PPSM.
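
The comparison step in the check text can be scripted once the three inputs exist. The following is an added example, not part of the SRG: the connection-log format, the function names, and every port value (including the stand-in for the PPSM-approved set) are constructed assumptions, not data from the PPSM CAL or from any real app.

```python
import re

# Constructed sample inputs; none of these values come from the PPSM CAL.
DOCUMENTED = {("tcp", 443), ("tcp", 8883)}   # ports listed in the app's documentation
APPROVED = {("tcp", 443), ("udp", 53)}       # placeholder for the PPSM-approved set
CAPTURE = """\
tcp 10.0.2.15:51844 -> 203.0.113.10:443 ESTABLISHED
tcp 10.0.2.15:51850 -> 203.0.113.20:8883 ESTABLISHED
udp 10.0.2.15:40112 -> 198.51.100.53:53 -
tcp 0.0.0.0:5555 -> *:* LISTEN
tcp 10.0.2.15:51861 -> 203.0.113.30:80 ESTABLISHED
"""

# Assumed line format: proto local_ip:port -> remote_ip:port state
LINE = re.compile(r"^(tcp|udp)\s+\S+:(\d+)\s+->\s+\S+:(\d+|\*)\s+(\S+)$")

def observed_services(capture):
    """Return {(proto, port)} seen during dynamic analysis: the remote port
    for outbound flows, the local port for listening sockets. Ephemeral
    source ports of outbound flows are ignored."""
    seen = set()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in the assumed format
        proto, local, remote, state = m.groups()
        if state == "LISTEN":
            seen.add((proto, int(local)))
        elif remote != "*":
            seen.add((proto, int(remote)))
    return seen

def assess(documented, observed, approved):
    """Three-way comparison described in the check text."""
    return {
        "undocumented": sorted(observed - documented),
        "observed_not_approved": sorted(observed - approved),
        "documented_not_approved": sorted(documented - approved),
        # Informational only: documented ports the test run never exercised.
        "documented_not_observed": sorted(documented - observed),
    }

def is_finding(report):
    """Any non-approved or undocumented use is reported as a finding."""
    keys = ("undocumented", "observed_not_approved", "documented_not_approved")
    return any(report[k] for k in keys)

if __name__ == "__main__":
    report = assess(DOCUMENTED, observed_services(CAPTURE), APPROVED)
    for name, items in report.items():
        print(f"{name}: {items}")
    print("finding:", is_finding(report))
```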