Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32766 | WIR-WMS-MDIS-19 | SV-43112r1_rule | ECAR-1 | Low |
Description |
---|
Accurate scan results and mitigation actions must be maintained so auditors can verify mitigation actions have been completed, so a scan can be compared to a previous scan, and to determine if there is any security vulnerability trends for site managed mobile OS devices. |
STIG | Date |
---|---|
Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Check Text ( C-41100r3_chk ) |
---|
Verify the MDIS server provides the capability for the site administrator to amend information on mitigation actions that have taken place (e.g., wipe the device) to the scan report before the report is archived. Talk to the site system administrator and have them show this capability exists in the MDIS server. Also, review MDIS product documentation. Mark as a finding if the MDIS server does not have required features. |
Fix Text (F-36648r2_fix) |
---|
Use a MDIS product that provides the capability for the site administrator to amend information on mitigation actions that have taken place (e.g., wipe the device) to the scan report before the report is archived. |