The master AES encryption key used to encrypt data between the management server and the agent on the mobile device must be changed on a periodic basis.


Overview

Finding ID: V-33231
Version: WIR-WMS-MDM-03
Rule ID: SV-43637r1_rule
IA Controls: IAKM-1
Severity: Low
Description
If the master encryption key is not rotated periodically and it is compromised, all future data sent between the mobile management server and the agent located on the mobile device would be compromised. Rotating the key limits a compromise to no more than a specific period of data, which is a security best practice.
STIG: Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG)
Date: 2012-07-20

Details

Check Text (C-41503r1_chk)
This requirement applies to any mobile management server, including the MDM, MAM, MDIS, and MEM.

Work with the server system administrator to view the configuration of the master encryption key on the server. Verify AES is used for the master encryption key and it is set to rotate at least every 30 days.

Mark as a finding if the master encryption key is not rotated at least every 30 days or AES encryption is not used.
Fix Text (F-37140r1_fix)
Use an AES master encryption key and set it to rotate at least every 30 days.