The results and mitigation actions from MDIS server on site managed mobile OS devices must be maintained by the site for at least 6 months (1 year recommended).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32748 | WIR-WMS-MDIS-01 | SV-43094r1_rule | ECAT-1 | Medium |
| Description |
|---|
| Scan results must be maintained so auditors can verify mitigation actions have been completed, so a scan can be compared to a previous scan, and to determine if there are any security vulnerability trends for site-managed mobile OS devices. |
| STIG | Date |
|---|---|
| Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Details
| Check Text ( C-41081r6_chk ) |
|---|
| Review records of scans results, mitigation actions, and date that scans took place. Verify scan results and mitigation actions are available for at least a 6 month period (1 year recommended). Mark as a finding if mitigation scan results and mitigation actions are not maintained for at least 6 months. |
| Fix Text (F-36628r3_fix) |
|---|
| Mark as a finding if mitigation scan results and mitigation actions are not maintained for at least 6 months. |