The results and mitigation actions from MDIS server on site managed mobile OS devices must be maintained by the site for at least 6 months (1 year recommended).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32748 | WIR-WMS-MDIS-01 | SV-43094r1_rule | ECAT-1 | Medium |
| Description |
|---|
| Scan results must be maintained, so auditors can verify mitigation actions have been completed, a scan can be compared to a previous scan, and to determine if there is any security vulnerability trends for site managed mobile OS devices. |
| STIG | Date |
|---|---|
| Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41081r4_chk ) |
|---|
| Review records of scan results indicating a finding, recommended mitigation actions from the scan report, and the site's report on what mitigation action was implemented. Verify mitigation actions on scan findings were implemented at the site. Mark as a finding if mitigation actions have not been implemented after a scan indicates a finding. |
| Fix Text (F-36628r1_fix) |
|---|
| Maintain the results and mitigation actions from Mobile OS device integrity validation tool scans on site managed Mobile OS devices for at least 6 months (1 year recommended). |