The MDIS server must scan for malicious code on managed mobile devices on an organization defined frequency.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32752 | WIR-WMS-MDIS-05 | SV-43098r1_rule | DCMC-1 | Medium |
| Description |
|---|
| Detection of possible compromise of a DoD mobile device is a key security control to insure the compromise does not result in the exposure of sensitive DoD data or lead to a successful attack on the DoD network. |
| STIG | Date |
|---|---|
| Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41085r4_chk ) |
|---|
| Verify the MDIS server and agent scan for malicious code on managed mobile devices on an organization defined frequency (at least every 6 hours). Talk to the site system administrator and have them show this capability exists in the MDIS server. Also, review MDIS product documentation. Mark as a finding if the MDIS server does not have required features. |
| Fix Text (F-36633r2_fix) |
|---|
| Use a MDIS product that scans for malicious code on managed mobile devices on an organization defined frequency (at least every 6 hours). |