The MDIS server must identify the affected mobile device, the severity of the finding, and provide a recommended mitigation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32760 | WIR-WMS-MDIS-13 | SV-43106r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| A finding notification cannot be acted on unless it identifies the affected device. In addition, the system administrator requires information on the severity of the finding and possible mitigation actions in order initiate mitigation activities to limit the success of a possible compromise. |
| STIG | Date |
|---|---|
| Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Details
| Check Text ( C-41093r6_chk ) |
|---|
| Verify the MDIS server identifies the affected mobile device, the severity of the finding, and provides a recommended mitigation. Talk to the site system administrator and have them show this capability exists in the MDIS server and is enabled. Also, review MDIS product documentation. Mark as a finding if the MDIS server does not have required features. |
| Fix Text (F-36642r4_fix) |
|---|
| Use an MDIS product that identifies the affected mobile device, the severity of the finding, and provides a recommended mitigation and enable the feature. |