The mobile app must accept Public Key Infrastructure (PKI) credentials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-APP-000391-MAPP-000100 | SRG-APP-000391-MAPP-000100 | SRG-APP-000391-MAPP-000100_rule | Medium |
| Description |
|---|
| The use of PKI credentials facilitates standardization and reduces the risk of unauthorized access. The DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2014-07-22 |
Details
| Check Text ( C-SRG-APP-000391-MAPP-000100_chk ) |
|---|
| Review the mobile app configuration, code, vendor documentation or JITC Certification to determine if the mobile app accepts PKI credentials for access to DODIN. If it does not, this is a finding. |
| Fix Text (F-SRG-APP-000391-MAPP-000100_fix) |
|---|
| Configure or code the mobile app to accept PKI credentials. |