UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MDIS server must verify the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and at least every six hours thereafter, using one or more DoD-approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32758 WIR-WMS-MDIS-11 SV-43104r1_rule DCSS-2 High
Description
Detection of possible compromise of a DoD mobile device is a key security control to insure the compromise does not result in the exposure of sensitive DoD data or lead to a successful attack on the DoD network. Analysis has determined scans must be performed at least every 6 hours.
STIG Date
Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41091r8_chk )
Verify the MDIS server checks the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and at least every six hours; thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline.

Talk to the site system administrator and have them show this capability exists in the MDIS server and is enabled. Also, review MDIS product documentation.

Mark as a finding if the MDM server does not meet the requirement.

Note: iOS 6 scans all operating system files, device drivers, and security enforcement mechanisms at startup, so the first part of this requirement is met by default. iOS 6 does not repeat the system scan every 6 hours. If a third-party application is not used to scan all operating system files, device drivers, and security enforcement mechanisms every six hours there is a finding and the Severity should be downgraded to CAT II.
Fix Text (F-36640r4_fix)
Use an MDIS product that verifies the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and at least every six hours thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline and enable the features.