Detection of possible compromise of a DoD mobile device is a key security control to insure the compromise does not result in the exposure of sensitive DoD data or lead to a successful attack on the DoD network. File structure changes are a key indicator of possible device compromise.
Verify the MDIS server identifies changes in file structure and files on the mobile device. Talk to the site system administrator and have them show this capability exists in the MDIS server. Also, review MDIS product documentation.
Mark as a finding if the MDIS server does not have required features.
Fix Text (F-36645r4_fix)
Use an MDIS product that identifies changes in file structure and files on the mobile device.