The MDIS server must provide a near real-time alert when any of the organization defined list of compromise or potential compromise indicators occurs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32754	WIR-WMS-MDIS-07	SV-43100r1_rule	ECAT-1	High

Description
Detection of possible compromise of a DoD mobile device is a key security control to insure the compromise does not result in the exposure of sensitive DoD data or lead to a successful attack on the DoD network. Timely alerting is required to ensure proper management oversight is provided to mitigation actions to reduce the effect of the compromise.

STIG	Date
Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG)	2012-07-20

Details

Check Text ( C-41087r4_chk )
Verify the MDIS server and agent implement detection and inspection mechanisms to provide near real-time alerts to a defined list of site personnel when any of the organization defined list of compromise or potential compromise indicators occurs. Talk to the site system administrator and have them show this capability exists in the MDIS server and is enabled. Also, review MDIS product documentation. Mark as a finding if the MDIS server does not have required features.

Check Text ( C-41087r4_chk )

Verify the MDIS server and agent implement detection and inspection mechanisms to provide near real-time alerts to a defined list of site personnel when any of the organization defined list of compromise or potential compromise indicators occurs. Talk to the site system administrator and have them show this capability exists in the MDIS server and is enabled. Also, review MDIS product documentation.

Mark as a finding if the MDIS server does not have required features.

Fix Text (F-36636r4_fix)
Use a MDIS product that implements near real-time alerts to a defined list of site personnel when any of the organization defined list of compromise or potential compromise indicators occurs and enable the feature.