The MDIS server must provide a near real-time alert when any compromise or potential compromise indicators occurs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32754 | WIR-WMS-MDIS-07 | SV-43100r1_rule | ECAT-1 | High |
| Description |
|---|
| Detection of possible compromise of a DoD mobile device is a key security control to insure the compromise does not result in the exposure of sensitive DoD data or lead to a successful attack on the DoD network. Timely alerting is required to ensure proper management oversight is provided to mitigation actions to reduce the effect of the compromise. Compromise indicators include the following: -Unauthorized software on the device. -Jailbroken or rooted device. -Changes in file structure or files on the device. -Unexpected changes in applications installed on the device. -Integrity check failure of all operating system files, device drivers, and security enforcement mechanisms at device startup. |
| STIG | Date |
|---|---|
| Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Details
| Check Text ( C-41087r9_chk ) |
|---|
| Verify the MDIS server implements detection and inspection mechanisms to provide near real-time alerts when any compromise or potential compromise indicator occur. Talk to the site system administrator and have them show this capability exists in the MDIS server and is enabled. Also, review MDIS product documentation. Mark as a finding if the MDIS server does not have required features. |
| Fix Text (F-36636r8_fix) |
|---|
| Use an MDIS product that implements near real-time alerts when any compromise or potential compromise indicator occur and enable the feature. |