UCF STIG Viewer Logo

Mitigation actions must be implemented based on integrity validation scan findings.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32749 WIR-WMS-MDIS-02 SV-43095r1_rule ECWN-1 High
Description
If mitigation actions are not implemented after a scan finding, DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. The IAO should determine the appropriate mitigation action based on the scan finding report and any other analysis performed by site Information Assurance (IA) staff. It is expected that the system administrator or IAO will approve all mitigation actions before they are implemented, including those implemented by the server (for example, device wipe).
STIG Date
Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) 2013-01-17

Details

Check Text ( C-41082r7_chk )
Review records of scan results indicating a finding, recommended mitigation actions from the scan report and on-site analysis, and mitigation actions implemented by the site that are listed in the site's report. Verify mitigation actions were implemented at the site.

Mark as a finding if mitigation actions have not been implemented after a scan indicates a finding.
Fix Text (F-36629r1_fix)
Implement required mitigation actions.