Password or CAC authentication to the security container on the mobile device must be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25032 | WIR-GMMS-001 | SV-30832r2_rule | ECWN-1 IAIA-1 | Medium |
| Description |
|---|
| A hacker could gain access to sensitive data in the security container on the mobile device and gain an attack vector to the enclave if the password access control/authentication feature of the application is not enabled. A security container is required on any device that uses a mobile OS that with an encryption module is not FIPS 140-2 validated. |
| STIG | Date |
|---|---|
| Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Details
| Check Text ( C-31255r9_chk ) |
|---|
| If the MDM agent provides the mobile device security container, use the following procedure for verifying requirement is met: 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each security policy iOS devices are assigned to and, in turn, verify the required settings are in the policy. Verify that either password or CAC authentication has been enabled for the MDM agent. Mark as a finding if the MDM agent password (or CAC authentication) is not enabled. Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database. For the Good Technology MDM server: -Verify S/MIME with password-protected lock screen or CAC PIN (Enables S/MIME) is checked. -If “Authenticate with CAC PIN” is checked (CAC authentication is required) verify “Require CAC to be present” is also checked. Note: if “Authenticate with CAC PIN” is not checked, then “Require CAC to be present” does not need to be checked. |
| Fix Text (F-27719r2_fix) |
|---|
| Enable password or CAC access to the security container app on the mobile device. |