UCF STIG Viewer Logo

The MDIS server must base recommended mitigations for findings on the identified risk level of the finding.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32761 WIR-WMS-MDIS-14 SV-43107r1_rule ECAR-1 Medium
Description
Detection of possible compromise of a DoD mobile device is a key security control to insure the compromise does not result in the exposure of sensitive DoD data or lead to a successful attack on the DoD network. Since the MDIS is an automated capability, the server must be able to determine the severity of the finding and provide a recommended mitigation to ensure timely action to mitigate the finding.
STIG Date
Mobile Device Integrity Scanning (MDIS) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41094r5_chk )
Verify the MDIS server bases recommended mitigations for findings on the identified risk level of the finding. Talk to the site system administrator and have them show this capability exists in the MDIS server. Also, review MDIS product documentation.

Mark as a finding if the MDIS server does not have required features.
Fix Text (F-36643r4_fix)
Use an MDIS product that bases recommended mitigations for findings on the identified risk level of the finding.