V-36344 | High | The MDM server must protect audit tools from unauthorized access.
| Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may... |
V-36347 | High | The MDM server must protect audit tools from unauthorized deletion.
| Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may... |
V-36341 | High | The MDM server must capture/record and log all content related to an administrator session.
| Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or... |
V-36342 | High | The MDM server must initiate session auditing upon start up.
| Without session-level auditing, IA and IT professionals do not have the complete picture, in detail, of what is transpiring on their systems. Without the session-level auditing capability, it is... |
V-36343 | High | The MDM server must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event.
| MDM server auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes: timestamps, source and... |
V-36262 | High | The MDM server must support and maintain the binding of digital signatures on software components and applications in process.
| Digital signatures enable the system to verify the integrity of the signed object and authenticate the object’s signatory. Failure to maintain the binding of digital signatures on software... |
V-36349 | High | The MDM server must use cryptographic mechanisms to protect the integrity of audit tools.
| Auditing and logging are key components of any security architecture. It is essential security personnel know what is being done, what attempted to be done, where it was done, when it was done,... |
V-36264 | High | The MDM server must support and maintain the binding of digital signatures on information in transmission.
| Digital signatures enable the system to verify the integrity of the signed object and authenticate the object’s signatory. Failure to maintain the binding of digital signatures on software... |
V-36430 | High | The MDM server must have a DoD approved host-based firewall installed on the host server.
| Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-36195 | High | The MDM server device integrity validation component must identify unexpected changes in applications installed on the mobile device.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36194 | High | The MDM server device integrity validation component must identify changes in file structure and files on the mobile device.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36196 | High | The MDM server device integrity validation component must have the capability to maintain change history of individual devices.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36190 | High | The MDM server device integrity validation component must base recommended mitigations for findings on the identified risk level of the finding.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36192 | High | The MDM server device integrity validation component must operate separate and independent of the management of the mobile devices security policy.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36054 | High | The MDM server must employ NSA approved cryptography when cryptography is required to protect classified information. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. NSA approval is required for cryptography for classified data and applications when such... |
V-36198 | High | The MDM server device integrity validation component must provide the capability for the site administrator to amend information on mitigation actions that have taken place (e.g., wipe the device) to the scan report before the report is archived.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36238 | High | The MDM server must prevent modification of key material except during secure, non-operable system states.
| Secure, non-operable system states are states in which the information system is not performing mission/business-related processing (e.g., the system is off-line for maintenance, troubleshooting,... |
V-36029 | High | The MDM server must be capable of scanning the hardware version of managed mobile devices and alert if unsupported versions are found.
| Approved versions of devices have gone through all required phases of testing, approval, etc., and are able to support required security features. Using non-approved versions of mobile device... |
V-36028 | High | The MDM server must utilize only approved versions of components, including the mobile device integrity scanning component and mobile email management component (if used).
| Approved versions of components have gone through all required phases of testing, approval, etc. Using non-approved versions of server components could compromise the functionality of the MDM... |
V-36010 | High | The MDM server, when the maximum number of unsuccessful attempts is exceeded, must automatically lock the account for an organization defined time period or must lock the account until released by an administrator IAW organizational policy.
| One of the most prevalent ways an attacker tries to gain access to a system is by repeatedly trying to access an account and guessing a password. To reduce the risk of malicious access attempts... |
V-36016 | High | The MDM server must have the ability to retain a session lock remaining in effect until the user re-authenticates using established identification and authentication procedures.
| If the MDM server does not support a lock feature, then anyone who gains access to the application may be able to access sensitive DoD information or perform other authorized functions. The lock... |
V-36017 | High | The MDM server must lock the application after an organization defined time period.
| If the MDM server does not support a lock feature, then anyone who gains access to the application may be able to access sensitive DoD information or perform other authorized functions. The lock... |
V-36018 | High | The MDM server must provide the capability for an administrator to lock the application console.
| If the MDM server does not support a lock feature, then anyone who gains access to the application may be able to access sensitive DoD information or perform other authorized functions. The lock... |
V-36019 | High | The MDM server session lock mechanism, when activated on the server, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen.
| A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the... |
V-36152 | High | The MDM server must be able to detect if the security policy has been modified, disabled, or bypassed on managed mobile devices.
| If the security policy has been modified in an unauthorized manner, IA is severely degraded and a variety of further attacks are possible. Detecting whether the security policy has been modified... |
V-36156 | High | The MDM server must deny all connections to DoD network servers by managed mobile devices except for network servers that have the capability to support PKI based mutual authentication between the network server and the mobile device user.
| Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network... |
V-36181 | High | The MDM server device integrity validation component must use automated mechanisms to alert security personnel when the device has been jailbroken or rooted. | Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a... |
V-36186 | High | The MDM server device integrity validation component must verify the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and at least every six hours thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36187 | High | The MDM server device integrity validation component must not be capable of being disabled or controlled by the user or a mobile device application.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36184 | High | The MDM server device integrity validation component device integrity validation scan interval must be configurable (desired setting is 6 hours or less).
| Unauthorized changes to the operating system software or information on the system can possibly result in integrity or availability concerns. In order to quickly react to this situation, the... |
V-36063 | High | The MDM server must provide notification to an external device of failed automated security tests on the server.
| Automated security tests are critical in the detection of IA attacks. Such checks include verification of the integrity of system files, device drivers, and security enforcement mechanisms. ... |
V-36346 | High | The MDM server must protect audit tools from unauthorized modification.
| Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may... |
V-36268 | High | The MDM server must only allow authorized administrators to associate PKI credentials with information.
| Without the assurance of credential association with the information, policy decisions based on that association become faulty and potentially allow for authorization decisions that are applied... |
V-36339 | High | The MDM server must ensure remote sessions for accessing the server by an administrator are audited.
| Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or... |
V-36266 | High | The MDM server must maintain the binding of digital credentials to information with sufficient assurance that the information/credential association can be used as the basis for automated policy actions.
| Without the assurance of credential association with the information, policy decisions based on that association become faulty and potentially allow for authorization decisions that are applied... |
V-36182 | High | The MDM server must accept alerts from the mobile operating system when the mobile OS has detected integrity check failures.
| Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a... |
V-36147 | High | The MDM server application white list for managed mobile devices must be set to Deny All by default when no applications are listed.
| The installation and execution of unauthorized software on an operating system may allow the application to obtain sensitive information or further compromise the system. If the system... |
V-36025 | High | The MDM server must not transmit passwords in clear text.
| Transmission of passwords in clear text reveals the password to any adversary who can successfully eavesdrop on the communication. In the case of wireless communication, the ability to eavesdrop... |
V-36027 | High | The MDM server must enforce approved authorizations for logical access to the system in accordance with applicable policy.
| Strong access controls are critical to securing the MDM server. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement... |
V-36020 | High | The MDM server must enforce requirements for remote connections to the information system.
| The organization will define the requirements for connection of remote connections. In order to ensure the connection provides adequate integrity and confidentiality of the connection, the MDM... |
V-36189 | High | The MDM server device integrity validation component must identify the affected mobile device, severity of the finding, and provide a recommended mitigation.
| One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-36282 | High | The MDM server must support the transfer of audit logs to remote log or management servers.
| MDM server auditing capability is critical for accurate forensic analysis. The ability to transfer audit logs often is necessary to quickly isolate them, protect their integrity, and analyze... |
V-36179 | High | The MDM server device integrity validation component must include the capability to notify an organization defined list of response personnel who are identified by name and/or by role notifications of suspicious events.
| Integrity checking applications are by their nature designed to monitor and detect defined events occurring on the system. When the integrity checking mechanism finds an anomaly, it must notify... |
V-36178 | High | The MDM server device integrity validation component must provide a near real-time alert when any of the organization defined list of compromise or potential compromise indicators occurs.
| When an intrusion detection security event occurs it is imperative the operating system that has detected the event immediately notify the appropriate support personnel so they can respond... |
V-36175 | High | The MDM server device integrity validation component must alert when it identifies malicious code on managed mobile devices.
| Malicious code protection mechanisms include but are not limited to anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be... |
V-36174 | High | The MDM server device integrity validation component must scan for malicious code on managed mobile devices on an organization defined frequency.
| Malicious code protection mechanisms include but are not limited to anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be caused... |
V-36173 | High | The MDM server device integrity scanning component must implement detection and inspection mechanisms to identify unauthorized mobile code on managed mobile devices.
| Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code... |
V-36172 | High | The MDM server device integrity validation component must employ automated mechanisms to detect the presence of unauthorized software on managed mobile devices and notify designated organizational officials in accordance with the organization defined frequency.
| Unauthorized software poses a risk to the device because it could potentially perform malicious functions, including but not limited to gathering sensitive information, searching for other system... |
V-36170 | High | The MDM server must have the capability to enable and disable a managed mobile device.
| Under some conditions, a compromised device represents a threat to other computing resources on the network. For example, a compromised device may attempt to conduct a denial of service attack on... |
V-36083 | High | The MDM server must provide mutual authentication between the MDM server and the provisioned device during a trusted over-the-air (OTA) provisioning session.
| If mutual authentication is not performed between the MDM server and the provisioned devices during the provisioning, rogue devices could connect to the MDM server or a rogue MDM server could... |
V-36085 | High | The MDM server must prevent the installation of applications that are not digitally signed with an organizationally accepted private key.
| Any additions of applications can potentially have significant effects on the overall security of the system. Digital signatures on code provide assurance that the code comes from a known source... |
V-36288 | High | The MDM server must provide designated alerts to another enterprise network management application using an IPSec, TLS, or SSL encrypted secure connection. | Auditing and logging are key components of any security architecture. Centrally managing audit data provides for easier management of mobility events and is an effective facility for monitoring... |
V-36285 | High | The MDM server must provide designated alerts to another enterprise network management application using SNMPv3.
| Distributing designated alerts via SNMP will ensure appropriate management personnel and/or management applications receive the alerts.
V-36284 | High | The MDM server must transfer audit logs from managed mobile devices to the MDM server.
| MDM server auditing capability is critical for accurate forensic analysis. The ability to transfer audit logs often is necessary to quickly isolate them, protect their integrity, and analyze... |
V-36039 | High | The MDM server must require administrators to be authenticated with an individual authenticator prior to using a group authenticator.
| To assure individual accountability and prevent unauthorized access, MDM server administrators and users (and any processes acting on behalf of users) must be individually identified and... |
V-36032 | High | The MDM server must configure the information system to specifically prohibit or restrict the use of organization defined functions, ports, protocols, and/or services on the server.
| Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-36033 | High | The MDM server host based firewall must be configured to Deny All except when explicitly authorized and block all incoming and outgoing ports, protocols, and IP address ranges except for those required to support the MDM server functions.
| Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-36037 | High | The MDM server must use multifactor authentication via an Enterprise Authentication Mechanism for network access to privileged accounts.
| Single factor authentication poses much unnecessary risk upon any information system as most single factor authentication methods use only a userid and password. Passwords are, in most cases,... |
V-36058 | High | The MDM server must fail to an organization defined known-state for organization defined types of failures.
| Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. It helps prevent a loss of confidentiality, integrity, or availability... |
V-36048 | High | The MDM server must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.
| A host-based boundary protection mechanism is a host-based firewall. Host-based boundary protection mechanisms are employed on mobile devices, such as notebook/laptop computers, and other types of... |
V-36044 | High | The MDM server must employ strong identification and authentication techniques in the establishment of non-local maintenance and diagnostic sessions.
| Lack of authentication enables anyone to gain access to the MDM server. Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization's security... |
V-36042 | High | The MDM server must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
| MDM server applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies,... |
V-36041 | High | The MDM server must disable administrative accounts after an organization defined time period of inactivity.
| Users are often the first line of defense within an application. Active users take notice of system and data conditions and are usually the first to notify systems administrators when they notice... |
V-36040 | High | The MDM server must use organization defined replay-resistant authentication mechanisms for network access to privileged accounts.
| An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Replay attacks, if... |
V-36258 | High | The MDM server must support and maintain the binding of digital signatures on software components and applications in storage.
| Digital signatures enable the system to verify the integrity of the signed object and authenticate the object’s signatory. Failure to maintain the binding of digital signatures on software... |
V-36350 | High | The MDM server must provide transaction recovery to avoid disabling the CMD in the event of an incomplete policy push.
| Since the MDM server controls many mobile devices as well as serving as a gateway into the network infrastructure, the absence of this feature could also enable an adversary to launch an... |
V-36007 | High | The MDM server must automatically disable inactive administrator accounts after an organization defined time period.
| Users are often the first line of defense within an application. Account management and distribution is vital to the security of the application. If an attacker compromises an account, the entire... |
V-36006 | High | The MDM server must provide automated support for account management functions. | A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker... |
V-36038 | High | The MDM server must use multifactor authentication via an Enterprise Authentication Mechanism for local access to privileged accounts.
| Single factor authentication poses much unnecessary risk upon any information system as most single factor authentication methods use only a userid and password. Passwords are, in most cases,... |
V-36009 | High | The MDM server must enforce the organization defined limit of consecutive invalid access attempts by an administrator during the organization defined time period.
| Anytime an authentication method is exposed so as to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. One of the most... |
V-36008 | High | The MDM server must implement separation of administrator duties by requiring a specific role be assigned to each administrator account.
| Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. Employing a separation of duties model reduces the... |
V-36164 | High | The MDM server must detect and report the version of the operating system, device drivers, and application software for managed mobile devices.
| Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report... |
V-36165 | High | The MDM server must notify when it detects unauthorized changes to security configuration of managed mobile devices.
| Incident response functions are intended to monitor, detect, and alarm on defined events occurring on the system or on the network. A large part of their functionality is accurate and timely... |
V-36166 | High | The MDM server must perform required actions when a security related alert is received.
| Incident response functions are intended to monitor, detect, and alarm on defined events occurring on the system or on the network. A large part of their functionality is accurate and timely... |
V-36098 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable any supported Bluetooth profile.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36099 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable Bluetooth.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36090 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable data-at-rest encryption on the mobile device.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36091 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36092 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Maximum password age (e.g., 30 days, 90 days, 180 days).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36093 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Minimum password length for the device unlock password is configured to the organizationally defined value when DoD sensitive data is being protected.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36094 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Maximum password history.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36095 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Device inactivity timeout whereby the user must reenter their user password or Smart Card PIN to unlock the device.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36096 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the device inactivity timeout (the following settings must be available, at a minimum: Disable (no timeout), 15 minutes, and 60 minutes).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36097 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the mobile device Bluetooth stack.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36297 | Medium | Malicious code protection applications must update malicious code protection mechanisms only when directed by a privileged user. | Malicious code protection software must be protected to prevent a non-privileged user or malicious piece of software from manipulating the protection update mechanism. Rationale for... |
V-36295 | Medium | Intrusion detection software must be able to interconnect using standard protocols to create a system wide intrusion detection system. | When utilizing intrusion detection software, monitoring components are usually dispersed throughout the network, such as, when utilizing HIDS and multiple NIDS sensors. In order to leverage the... |
V-36293 | Medium | Applications providing malware and/or firewall protection must monitor inbound and outbound communications for unauthorized activities or conditions. | Unusual/unauthorized activities or conditions include internal traffic indicating the presence of malicious code within an information system or propagating among system components, the... |
V-36291 | Medium | Applications providing IDS and prevention capabilities must prevent non-privileged users from circumventing intrusion detection and prevention capabilities. | Any application providing intrusion detection and prevention capabilities must be architected and implemented so as to prevent non-privileged users from circumventing such protections. This can be... |
V-36298 | Medium | The application must prevent non-privileged users from circumventing malicious code protection capabilities. | Malicious code protection software must be protected so as to prevent a non-privileged user or malicious piece of software from disabling the protection mechanism. A common tactic of malware is to... |
V-36345 | Medium | Boundary protection applications must fail securely in the event of an operational failure. | Fail secure is a condition achieved by the application of a set of information system mechanisms to ensure that in the event of an operational failure of a boundary protection device at a managed... |
V-36269 | Medium | The application must invoke a system shutdown in the event of an audit failure, unless an alternative audit capability exists. | It is critical when a system is at risk of failing to process audit logs as required; it takes action to mitigate the failure. If the system were to continue processing without auditing enabled,... |
V-36340 | Medium | Applications involved in the production, control, and distribution of asymmetric cryptographic keys must use approved PKI Class 3 or Class 4 certificates and hardware tokens that protect the user's private key. | Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures.
Rationale for non-applicability: The MDM server... |
V-36263 | Medium | The application must enforce Discretionary Access Control (DAC) policy allowing users to specify and control sharing by named individuals, groups of individuals, or by both, limiting propagation of access rights and includes or excludes access to the granularity of a single user. | Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices,... |
V-36261 | Medium | Applications providing information flow control must enforce approved authorizations for controlling the flow of information within the system in accordance with applicable policy. | Information flow control regulates where information is allowed to travel within an information system, and between information systems (as opposed to who is allowed to access the information),... |
V-36260 | Medium | Applications, when transferring information between different security domains, must implement or incorporate policy filters that constrain data object and structure attributes according to organizational security policy requirements. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36348 | Medium | Applications designed to enforce protocol formats must employ automated mechanisms to enforce strict adherence to protocol format. | Automated mechanisms used to enforce protocol formats include deep packet inspection firewalls and XML gateways. These devices verify adherence to the protocol specification (e.g., IEEE) at the... |
V-36265 | Medium | Applications must support the organizational requirement to automatically monitor for atypical usage of accounts. | Atypical account usage is behavior that is not part of normal usage cycles. For example, user account activity occurring after hours or on weekends.
Rationale for non-applicability: The MDM... |
V-36120 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the video recorder.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36121 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the USB Port mass storage mode.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36122 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable tethering (Wi-Fi, Bluetooth, or USB).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36123 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Force the display of a warning banner on the mobile device.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36124 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disable any mobile OS service that connects to a non-DoD server.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36125 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of allowed repeated characters in the mobile device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36126 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disallow sequential numbers in the mobile device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36127 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of upper case letters in the device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36128 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of special characters in the device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36129 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of lower case letters in the device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
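The unlock-password rules listed under V-36125 through V-36129 (repeated characters, sequential numbers, and minimum counts of upper case, lower case and special characters) are the kind of policy an MDM server pushes to the device agent. The checker below is an added example, not from the STIG or from any MDM product; the policy class, its default values and the violation codes are hypothetical, and the sequential-digit rule is implemented as a run of adjacent digits stepping by +1 or -1, which is one reasonable reading of the requirement.

```python
# Added example (not from the STIG or any MDM product): a checker for the
# unlock-password rules listed under V-36125 to V-36129. Policy values and
# names are hypothetical; an MDM server would push them to the device agent.
import string
from dataclasses import dataclass

DIGITS = "0123456789"


@dataclass(frozen=True)
class UnlockPolicy:
    min_length: int = 8
    max_repeated: int = 2        # longest run of one character that is still allowed
    forbid_sequential: bool = True
    sequence_len: int = 3        # a digit run of this length counts as sequential
    min_upper: int = 1
    min_lower: int = 1
    min_special: int = 1


def longest_repeat(pw: str) -> int:
    """Length of the longest run of the same character (e.g. 'aabbbb' -> 4)."""
    best, run, prev = 0, 0, None
    for ch in pw:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def has_sequential_digits(pw: str, n: int) -> bool:
    """True if any n adjacent characters are digits stepping by +1 or -1
    (catches 1234 and 4321, not 1357 or 1122)."""
    for i in range(len(pw) - n + 1):
        window = pw[i:i + n]
        if not all(c in DIGITS for c in window):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw: str, policy: UnlockPolicy) -> list:
    """Return the list of violated rule codes (an empty list means compliant)."""
    violations = []
    if len(pw) < policy.min_length:
        violations.append("length")
    if longest_repeat(pw) > policy.max_repeated:
        violations.append("repeat")
    if policy.forbid_sequential and has_sequential_digits(pw, policy.sequence_len):
        violations.append("sequential")
    if sum(c.isupper() for c in pw) < policy.min_upper:
        violations.append("upper")
    if sum(c.islower() for c in pw) < policy.min_lower:
        violations.append("lower")
    if sum(c in string.punctuation for c in pw) < policy.min_special:
        violations.append("special")
    return violations


if __name__ == "__main__":
    # Constructed sample candidates, not real passwords.
    for candidate in ("Passw0rd!", "aaa1234", "Qx7#Lm9!"):
        print(candidate, check_password(candidate, UnlockPolicy()) or "compliant")
```

The check returns every violated rule rather than stopping at the first one, so the device can show the user the complete set of reasons at once; the agent should apply the same checks on the device rather than trusting a client-side prompt, since the policy is only as strong as the enforcement point.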
V-36031 | Medium | The MDM server must employ automated mechanisms to enforce access restrictions.
| When dealing with access restrictions pertaining to change control, it should be noted that, any changes to the hardware, software, and/or firmware components of the information system and/or... |
V-36197 | Medium | The application must support organizational requirements to enforce password complexity by the number of special characters used. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Rationale for non-applicability: The MDM server will... |
V-36191 | Medium | The application must perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources when requested by client systems. | A recursive resolving or caching Domain Name System (DNS) server is an example of an information system providing name/address resolution service for local clients.
Rationale for... |
V-36193 | Medium | Applications designed to address malware issues and/or enforce policy pertaining to organizational use of mobile code must take corrective actions, when unauthorized mobile code is identified. | Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale... |
V-36056 | Medium | The MDM server must terminate administrator sessions upon administrator logout or any other organization or policy defined session termination events such as idle time limit exceeded.
| If communications sessions remain open for extended periods of time even when unused, there is the potential for an adversary to hijack the session and use it to gain access to the device or... |
V-36057 | Medium | The MDM server must provide a logout functionality to allow the user to manually terminate the session.
| Manually terminating an application session allows users to immediately depart the physical vicinity of the system they are logged into without the risk of subsequent system users reactivating or... |
V-36052 | Medium | The cryptographic module supporting encryption of the certificate store must be FIPS 140-2 validated.
| The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been... |
V-36053 | Medium | The cryptographic module supporting encryption of data at rest must be FIPS 140-2 validated.
| The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been... |
V-36393 | Medium | Applications employed to write data to portable digital media must use cryptographic mechanisms to protect and restrict access to information on portable digital media. | When data is written to portable digital media such as thumb drives, floppy diskettes, compact disks, magnetic tape, etc., there is risk of data loss.
Rationale for non-applicability: MDM server... |
V-36391 | Medium | The application must separate user functionality (including user interface services) from information system management functionality. | Information system management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access.... |
V-36390 | Medium | Applications must use security policy filters as a basis for making information flow control decisions.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36397 | Medium | The application must employ automated mechanisms enabling authorized users to make information sharing decisions based on access authorizations of sharing partners and access restrictions on information to be shared.
| User based collaboration and information sharing applications present challenges regarding classification and dissemination of information generated and shared among the application users. These... |
V-36396 | Medium | The application must monitor for unauthorized remote connections to the information system on an organization defined frequency.
| Organizations need to monitor for unauthorized remote access connections to information systems in order to determine if break-in attempts or other unauthorized activity is occurring. There are... |
V-36395 | Medium | Applications scanning for malicious code must scan all media used for system maintenance prior to use. | There are security-related issues arising from software brought into the information system specifically for diagnostic and repair actions. (e.g., a software packet sniffer installed on a system... |
V-36279 | Medium | The application must only generate error messages that provide information necessary for corrective actions without revealing organization defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited. | Any application providing too much information in error logs and in administrative messages to the screen risks compromising the data and security of the application and system. The structure and... |
V-36399 | Medium | The application must support taking organization defined list of least-disruptive actions to terminate suspicious events.
| System availability is a key tenet of system security. Organizations need to have the flexibility to be able to define the automated actions taken in response to an identified incident. This... |
V-36398 | Medium | Applications related to incident tracking must support organizational requirements to employ automated mechanisms to assist in the tracking of security incidents. | Incident tracking is a method of monitoring networks and systems for activity indicative of viral infection or system attack.
Rationale for non-applicability: An MDM server is not an incident... |
V-36138 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of upper case letters in the MDM server agent password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36270 | Medium | The MDM server must automatically audit on administrator account creation.
| Auditing of account creation is a method and best practice for mitigating the risk of an attacker creating a persistent method of re-establishing access. A comprehensive account management... |
V-36271 | Medium | The MDM server must audit any use of privileged accounts, or roles, with access to organization defined security functions or security relevant information, when accessing other system functions.
| This requirement is intended to address those situations where an access control policy, such as Role Based Access Control (RBAC), is being implemented and where a change of role provides the same... |
V-36309 | Medium | Applications must support organizationally-defined requirements to load and execute from hardware-enforced, read-only media. | Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image. Organizations may require the information system to load specified... |
V-36300 | Medium | The application must automatically update malicious code protection mechanisms, including signature definitions. Examples include anti-virus signatures and malware data files employed to identify and/or block malicious software from executing. | Anti-virus and malicious software detection applications utilize signature definitions in order to identify viruses and other malicious software. These signature definitions need to be constantly... |
V-36301 | Medium | Applications providing malicious code protection must support organizational requirements to configure malicious code protection mechanisms to perform real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational security policy.
| Malicious code protection mechanisms include but are not limited to anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be caused... |
V-36303 | Medium | The MDM server must centralize the review and analysis of audit records from multiple components within the server.
| Due to the numerous functions an MDM server implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, the more log data is... |
V-36304 | Medium | Applications providing malicious code protection must support organizational requirements to update malicious code protection mechanisms (including signature definitions) whenever new releases are available in accordance with organizational configuration management policy and procedures. | Malicious code protection mechanisms include, but are not limited to, anti-virus and malware detection software. In order to minimize potential negative impact to the organization caused by... |
V-36306 | Medium | Applications required to be non-modifiable must support organizational requirements to provide components that contain no writeable storage capability. These components must be persistent across restart and/or power on/off. | Organizations may require applications or application components to be non-modifiable or to be stored and executed on non-writeable storage. Use of non-modifiable storage ensures the integrity of... |
V-36234 | Medium | If the MDM server includes a mobile email management capability, the email client must support SHA2 signing operations.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36230 | Medium | If the MDM server includes a mobile email management capability, the email client must provide the mobile device user the capability to decrypt incoming email messages using software or hardware based digital certificates.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36231 | Medium | If the MDM server includes a mobile email management capability, the email client must provide a mechanism to provide certificate validation through a trusted OCSP, CRL, or SCVP.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36407 | Medium | The application must support organizational requirements to enforce password complexity by the number of lower case characters used.
| Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Rationale for non-applicability: The MDM server must... |
V-36406 | Medium | The application must use organization defined replay-resistant authentication mechanisms for network access to non-privileged accounts. | An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
Rationale for... |
V-36405 | Medium | The application must have the capability to produce audit records on hardware-enforced, write-once media.
| Applications are typically designed to incorporate their audit logs into the auditing sub-system hosted by the operating system. However, in some instances application developers may decide to... |
V-36404 | Medium | The application must enforce configurable traffic volume thresholds representing auditing capacity for network traffic.
| It is critical when a system is at risk of failing to process audit logs as required; actions are automatically taken to mitigate the failure. Audit processing failures include: software/hardware... |
V-36403 | Medium | Applications managing network connections for devices must authenticate devices before establishing wireless network connections by using bidirectional authentication that is cryptographically based. | Device authentication is a solution enabling an organization to manage devices.
Rationale for non-applicability: While the MDM server manages wireless devices, these devices connect to the... |
V-36402 | Medium | The application must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | Non-organizational users include all information system users other than organizational users which include organizational employees or individuals the organization deems to have equivalent status... |
V-36401 | Medium | Applications must include organization defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.
| Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes: timestamps,... |
V-36400 | Medium | Applications that are designed and intended to address incident response scenarios must provide a configurable capability to automatically disable an information system if any of the organization defined security violations are detected. | When responding to a security incident a capability must exist allowing authorized personnel to disable a particular system if the system exhibits a security violation and the organization... |
V-36409 | Medium | The application must support organizational requirements to enforce password complexity by the number of numeric characters used.
| Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Rationale for non-applicability: The MDM server must... |
V-36015 | Medium | The MDM server must limit the number of concurrent sessions for each account to an organization defined number of sessions.
| Limiting the number of concurrent sessions reduces the risk of Denial of Service (DoS) to the MDM server from overburdening the system from a potential attacker. |
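V-36056 (terminate administrator sessions on logout or on an idle-time limit), V-36057 (a manual logout function) and V-36015 (a cap on concurrent sessions per account) are all enforced at one place in a server: the session store. The code below is an added example of such a store, not from the STIG or from any MDM product; the class and method names, the limits, and the injectable clock are hypothetical, and the store is in-memory only.

```python
# Added example (not from the STIG or any MDM product): administrator
# session bookkeeping covering idle-timeout termination (V-36056), manual
# logout (V-36057) and a per-account concurrent-session cap (V-36015).
# Class and method names, limits and the injectable clock are hypothetical.
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Session:
    token: str
    account: str
    created: float
    last_activity: float


class FakeClock:
    """Deterministic stand-in for time.monotonic so timeouts can be exercised without sleeping."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class SessionStore:
    def __init__(self, idle_limit: float, max_per_account: int,
                 clock: Callable[[], float] = time.monotonic):
        self.idle_limit = idle_limit            # seconds of inactivity before termination
        self.max_per_account = max_per_account
        self.clock = clock
        self._sessions: Dict[str, Session] = {}

    def reap_idle(self) -> List[str]:
        """Terminate every session whose inactivity exceeds the idle limit; return their tokens."""
        now = self.clock()
        expired = [t for t, s in self._sessions.items()
                   if now - s.last_activity > self.idle_limit]
        for t in expired:
            del self._sessions[t]
        return expired

    def active(self, account: str) -> int:
        """Number of live sessions for an account, after reaping idle ones."""
        self.reap_idle()
        return sum(1 for s in self._sessions.values() if s.account == account)

    def login(self, account: str) -> str:
        """Open a session; refuse rather than silently evict when the cap is reached."""
        if self.active(account) >= self.max_per_account:
            raise PermissionError(f"{account}: concurrent session limit reached")
        token = secrets.token_urlsafe(32)       # 256 bits of entropy, unguessable
        now = self.clock()
        self._sessions[token] = Session(token, account, now, now)
        return token

    def touch(self, token: str) -> Optional[Session]:
        """Validate a request's token; expired or unknown tokens return None."""
        self.reap_idle()
        session = self._sessions.get(token)
        if session is not None:
            session.last_activity = self.clock()
        return session

    def logout(self, token: str) -> bool:
        """Explicit termination (V-36057); True if a live session was removed."""
        return self._sessions.pop(token, None) is not None
```

Two design points matter here. Idle sessions are reaped on every lookup, so a stale token is rejected even if no background timer ran, and the server never has to trust the client to report inactivity. When the concurrent-session cap is hit the store refuses the new login instead of evicting an older session; evicting would let an attacker who holds one credential knock the legitimate administrator off, which is the kind of denial of service the V-36015 rationale is trying to limit.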
V-36159 | Medium | The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated.
| The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been... |
V-36158 | Medium | The MDM server must deny all connections to DoD network servers by managed mobile devices unless the MDM server can support PKI based mutual authentication between the network server and the mobile device user.
| Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network... |
V-36151 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disable copying data from inside a security container to a non-secure data area on a mobile device.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36150 | Medium | The MDM server must provide the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user.
| DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source,... |
V-36153 | Medium | The MDM server must employ automated mechanisms to respond to unauthorized changes to the security policy or MDM server agent on managed mobile devices. | Uncoordinated or incorrect configuration changes to the MDM server managed components can potentially lead to compromises. Without automated mechanisms to respond to changes, changes can go... |
V-36155 | Medium | The MDM server must authenticate devices before establishing remote network connections using bidirectional cryptographically based authentication between devices.
| Device authentication is a solution enabling an organization to manage devices. Without the authentication, there is risk of a rogue device being serviced by an MDM server. |
V-36154 | Medium | The MDM server must uniquely identify mobile devices managed by the server prior to connecting to the device.
| When managed mobile devices connect to the MDM server the security policy and possible sensitive DoD data will be pushed to the device. In addition, the device may be provided access to... |
V-36157 | Medium | When the MDM server is configured to allow connections from managed mobile devices to back-office servers and network shares, the server must be configured to accept only trusted connections to those resources.
| Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network... |
V-36148 | Medium | The MDM server must configure the mobile device to prohibit the mobile device user from installing unapproved applications.
| The operating system must enforce software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what... |
V-36022 | Medium | The MDM server must protect against an individual falsely denying having performed a particular action.
| Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message,... |
V-36371 | Medium | Web services applications establishing identities at run-time for previously unknown entities must dynamically manage identifiers, attributes, and associated access authorizations.
| Web services are web applications providing a method of communication between two or more different electronic devices. They are normally used by applications to provide each other with data. ... |
V-36370 | Medium | Applications must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. | In the case of application DoS attacks, care must be taken when designing the application so as to ensure that the application makes the best use of system resources. SQL queries have the... |
V-36373 | Medium | The application must provide a mechanism to automatically terminate accounts designated as temporary or emergency accounts after an organization defined time period.
| Temporary application accounts could ostensibly be used in the event of a vendor support visit where a support representative requires a temporary unique account in order to perform diagnostic... |
V-36372 | Medium | Applications must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | When it comes to DoS attacks most of the attention is paid to ensuring that systems and applications are not victims of these attacks.
Rationale for non-applicability: This function is better... |
V-36375 | Medium | Applications must protect against or limit the effects of the organization defined or referenced types of Denial of Service (DoS) attacks. | A variety of technologies exist to limit, or in some cases, eliminate the effects of DoS attacks. For example, boundary protection devices can filter certain types of packets to protect devices on... |
V-36374 | Medium | Service Oriented Architecture (SOA) based applications must dynamically manage user privileges and associated access authorizations.
| Web services are web applications providing a method of communication between two or more different electronic devices. They are normally used by applications to provide each other with data. ... |
V-36377 | Medium | Applications must not share resources used to interface with systems operating at different security levels. | The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on... |
V-36376 | Medium | The application must enforce dual authorization, based on organizational policies and procedures for organization defined privileged commands.
| Dual authorization requires two distinct approving authorities to approve the use of an application command prior to it being invoked. This capability is typically reserved for specific application... |
V-36379 | Medium | Applications must meet organizational requirements to implement an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions. | The information system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the... |
V-36378 | Medium | Applications must enforce non-discretionary access control policies over users and resources where the policy rule set for each policy specifies: access control information (i.e., attributes) employed by the policy rule set (e.g., position, nationality, age, project, time of day).
| Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices,... |
V-36272 | Medium | The application must validate the binding of the reviewer's identity to the information at the transfer/release point prior to release/transfer from one security domain to another security domain. | This non-repudiation control enhancement is intended to mitigate the risk that information could be modified between review and transfer/release, particularly when transfer is occurring between... |
V-36274 | Medium | Applications must maintain reviewer/releaser identity and credentials within the established chain of custody for all information reviewed or released. | Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received... |
V-36277 | Medium | The application must associate the identity of the information producer with the information. | Non-repudiation supports audit requirements to provide the appropriate organizational officials the means to identify who produced specific information in the event of an information transfer.... |
V-36119 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable location services.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36118 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set security policy refresh interval (at least every 1, 6, 12, 24 hours should be supported).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36115 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the mobile device user's access to an application store or repository.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36114 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the user's ability to switch devices.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36117 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the mobile device user modification of the security configuration file, policy, or profile on the mobile device.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36116 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Block access to specific web sites.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36111 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the near-field communications (NFC) radio.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36110 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the GPS receiver.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36113 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the memory card port.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36112 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable all cameras.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36183 | Medium | Applications utilizing Discretionary Access Control (DAC) must enforce a policy that limits propagation of access rights. | Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in... |
V-36180 | Medium | Applications that utilize Discretionary Access Control (DAC) must enforce a policy that includes or excludes access to the granularity of a single user. | DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write).... |
V-36185 | Medium | Applications utilizing mobile code must meet DoD-defined mobile code requirements. | Decisions regarding the deployment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale... |
V-36061 | Medium | The MDM server must support automated patch management tools to facilitate flaw remediation of all software components on the server.
| The organization (including any contractor to the organization) must promptly install security relevant software updates (e.g., patches, service packs, hot fixes). Flaws discovered during... |
V-36062 | Medium | The MDM server must periodically verify the correct operation of security functions in the server.
| Security functional testing involves testing the operating system for conformance to the operating system security function specifications, as well as, for the underlying security model. The need... |
V-36064 | Medium | The MDM server must check the validity of information inputs.
| Invalid user input occurs when a user inserts data or characters into an applications data entry fields and the application is unprepared to process that data. This results in unanticipated... |
V-36380 | Medium | Applications providing information flow control must use explicit security attributes on information, source, and destination objects as a basis for flow control decisions.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36381 | Medium | Applications must isolate security functions enforcing access and information flow control from both non-security functions and from other security functions. | Application functionality is typically broken down into modules that perform various tasks or roles. Examples of non-privileged application functionality include, but are not limited to,... |
V-36382 | Medium | Applications must enforce information flow control using protected processing domains (e.g., domain type-enforcement) as a basis for flow control decisions.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36383 | Medium | Applications must enforce information flow using dynamic control based on policy that allows or disallows information flow based on changing conditions or operational considerations.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36384 | Medium | Applications must prevent encrypted data from bypassing content-checking mechanisms.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
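V-36384 above names the problem (encrypted payloads pass through content checks unread) but not a technique. The following is an added example, not part of the STIG or any MDM product, showing the usual first-line detection: measure the Shannon entropy of a payload, decoding base64 armour first, and treat anything that cannot be inspected as opaque. The 512-byte minimum and the 7.5 bits/byte threshold are illustrative assumptions, and the sample inputs are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"math"
	"strings"
)

// Entropy returns the Shannon entropy of b in bits per byte (0 for empty or
// constant input, approaching 8 for uniformly random bytes).
func Entropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	n := float64(len(b))
	h := 0.0
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Thresholds are illustrative (assumption), not from the STIG. Short inputs
// cannot reach 8 bits/byte even when random, so they are not judged here.
const (
	minSample  = 512
	opaqueBits = 7.5
)

// Opaque reports whether a payload is too high-entropy to be content-checked,
// i.e. it is encrypted or compressed rather than inspectable. Valid base64 is
// decoded first: armoured ciphertext scores only about 6 bits/byte as text
// but is just as uninspectable as the raw bytes.
func Opaque(payload []byte) (opaque bool, bitsPerByte float64) {
	sample := payload
	if dec, err := base64.StdEncoding.DecodeString(strings.TrimSpace(string(payload))); err == nil && len(dec) > 0 {
		sample = dec
	}
	h := Entropy(sample)
	if len(sample) < minSample {
		return false, h // too small to judge; handle under a separate size policy
	}
	return h > opaqueBits, h
}

// ConstructedSamples builds three inputs for the demo: readable text, random
// bytes standing in for ciphertext, and the same bytes base64-armoured as they
// would appear in an email body or a web form field.
func ConstructedSamples() map[string][]byte {
	text := strings.Repeat("Quarterly device inventory attached for review. ", 20)
	raw := make([]byte, 2048)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	return map[string][]byte{
		"text":     []byte(text),
		"raw":      raw,
		"armoured": []byte(base64.StdEncoding.EncodeToString(raw)),
	}
}

func main() {
	for name, p := range ConstructedSamples() {
		opaque, h := Opaque(p)
		fmt.Printf("%-8s %5.2f bits/byte  opaque=%v\n", name, h, opaque)
	}
}
```

The check cannot tell encryption from compression, and it is not meant to: both defeat content inspection, so the policy response to an opaque payload is to block it, or to decrypt it with an escrowed key before the content check, never to let it pass because no signature matched.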
V-36385 | Medium | Applications must enforce organization defined limitations on the embedding of data types within other data types.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36386 | Medium | Applications must isolate security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to, and protecting the integrity of, the hardware, software, and firmware that perform those security functions. The application must isolate security functions from non-security functions. | Security functions are defined as "the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and... |
V-36387 | Medium | Applications providing remote access must have capabilities that allow all remote access to be routed through managed access control points.
| Remote network access is accomplished by leveraging common communication protocols and establishing a remote connection. These connections will occur over the public Internet.
Remote access is... |
V-36388 | Medium | Applications must enforce information flow control on metadata.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36389 | Medium | The application must prevent the presentation of information system management-related functionality at an interface utilized by general (i.e., non-privileged) users. | Information system management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access.... |
V-36335 | Medium | Applications utilizing mobile code must meet policy requirements regarding the acquisition, development, and/or use of mobile code. | Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale... |
V-36334 | Medium | The MDM server must automatically audit administrator account modification.
| Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply... |
V-36337 | Medium | The MDM server must automatically audit administrator account termination.
| Accounts are utilized for identifying individual application users or for identifying the application processes themselves. When accounts are deleted, a myriad of side effects could occur. The... |
V-36331 | Medium | The MDM server must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions.
| Protection of audit records and audit data is of critical importance. Care must be taken to ensure privileged users cannot circumvent audit protections put in place. Auditing might not be... |
V-36330 | Medium | The MDM server must back up audit records on an organization defined frequency onto a different system or media than the system being audited.
| Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on... |
V-36332 | Medium | Applications designed to enforce policy pertaining to organizational use of mobile code must prevent the download and execution of prohibited mobile code. | Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale... |
V-36338 | Medium | Applications must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals. | Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to... |
V-36408 | Medium | Applications using multifactor authentication when accessing non-privileged accounts via the network must provide one of the factors by a device separate from the information system gaining access. | Multifactor authentication is defined as: using two or more factors to achieve authentication.
Rationale for non-applicability: The MDM server should only be accessed by authorized... |
V-36267 | Medium | The application must protect audit data records and integrity by using cryptographic mechanisms. | Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data. An example of a... |
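V-36267 (with V-36331 and V-36330 above) requires cryptographic protection of audit record integrity but the catalogue does not show a mechanism. The following is an added example, not code from the STIG or any MDM product: a hash chain in which each record carries an HMAC-SHA256 over its sequence number, the previous record's tag and its text. The key is assumed to live outside the reach of the administrators being audited (an HSM or the protected key store), and the current head tag is assumed to be copied off-host as it changes; the log lines are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is one audit entry. Tag is an HMAC-SHA256 over the sequence number,
// the previous record's tag and the event text, so every record is bound to
// all records before it.
type Record struct {
	Seq  int
	Text string
	Tag  string
}

// Log is an append-only chain. Whoever can edit the log file but lacks the
// key cannot recompute tags, so edits, reordering and deletions are detectable.
type Log struct {
	key     []byte
	records []Record
}

func NewLog(key []byte) *Log { return &Log{key: key} }

func computeTag(key []byte, seq int, prevTag, text string) string {
	m := hmac.New(sha256.New, key)
	// NUL separators keep (seq, prev, "ab") distinct from (seq, prev+"a", "b").
	fmt.Fprintf(m, "%d\x00%s\x00%s", seq, prevTag, text)
	return hex.EncodeToString(m.Sum(nil))
}

// Append adds an event and returns the new head tag. Copy the head tag off-host
// whenever it changes (syslog relay, the V-36330 backup target): it is what lets
// Verify detect truncation of the tail.
func (l *Log) Append(text string) string {
	seq := len(l.records)
	prev := ""
	if seq > 0 {
		prev = l.records[seq-1].Tag
	}
	r := Record{Seq: seq, Text: text, Tag: computeTag(l.key, seq, prev, text)}
	l.records = append(l.records, r)
	return r.Tag
}

// Records returns a copy of the chain, as it would be handed to a verifier.
func (l *Log) Records() []Record {
	return append([]Record(nil), l.records...)
}

// Verify recomputes every tag from the key and checks that the chain ends at
// expectedHead. Modification, reordering, insertion and deletion of any record,
// including the last one, all surface as errors.
func Verify(key []byte, records []Record, expectedHead string) error {
	prev := ""
	for i, r := range records {
		if r.Seq != i {
			return fmt.Errorf("record %d: sequence number %d, chain is reordered or has gaps", i, r.Seq)
		}
		want := computeTag(key, i, prev, r.Text)
		if !hmac.Equal([]byte(want), []byte(r.Tag)) {
			return fmt.Errorf("record %d: tag mismatch, this or an earlier record was altered", i)
		}
		prev = r.Tag
	}
	if !hmac.Equal([]byte(prev), []byte(expectedHead)) {
		return errors.New("head tag mismatch: records were appended or removed after the head was recorded")
	}
	return nil
}

func main() {
	key := []byte("constructed 32-byte demo key....") // demo only: load from an HSM/key store in production
	al := NewLog(key)
	al.Append("2024-01-02T10:00:00Z admin=alice action=policy.update device=all")
	head := al.Append("2024-01-02T10:05:00Z admin=bob action=account.create user=eve")

	recs := al.Records()
	fmt.Println("intact:   ", Verify(key, recs, head))

	recs[0].Text = "2024-01-02T10:00:00Z admin=mallory action=policy.update device=all"
	fmt.Println("tampered: ", Verify(key, recs, head))

	fmt.Println("truncated:", Verify(key, al.Records()[:1], head))
}
```

A chain like this protects integrity, not availability: an attacker with write access can still destroy the log, which is why V-36330 pairs it with off-system backup, and why the head tag must leave the host before the next record is written.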
V-36200 | Medium | The application must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds.
| It is critical that, when a system is at risk of failing to process audit logs as required, actions are automatically taken to mitigate the failure or risk of failure.
One method used to thwart the... |
V-36203 | Medium | Applications providing information flow control must uniquely authenticate destination domains when transferring information. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36202 | Medium | If the MDM server includes a mobile email management capability, the email client must alert the user if it receives a public-key certificate issued from an untrusted certificate authority.
| If the user is aware that a certificate has been issued from an untrusted certificate authority, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious... |
V-36205 | Medium | Applications must uniquely identify destination domains for information transfer. | The application enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.
Rationale for... |
V-36204 | Medium | If the MDM server includes a mobile email management capability, the email client must give the user the option to deny acceptance of a certificate if the certificate was issued by an untrusted certificate authority.
| When the operating system accepts the use of certificates issued from untrusted certificate authorities, there is the potential that the system or object presenting the certificate is malicious,... |
V-36207 | Medium | The application must provide the capability to remotely view/hear all content related to an established user session in real time. | While a great deal of effort is made to secure applications so as to prevent unauthorized access, in certain instances there can be valid requirements to listen/hear or view all content related to... |
V-36206 | Medium | If the MDM server includes a mobile email management capability, the email client must alert the user if it receives an invalid public-key certificate.
| If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
V-36208 | Medium | If the MDM server includes a mobile email management capability, the email client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is invalid.
| When the operating system accepts the use of invalid certificates, there is the potential that the system or object presenting the certificate is malicious, and can compromise sensitive... |
V-36414 | Medium | Applications must enforce password minimum lifetime restrictions.
| Password minimum lifetime is defined as: the minimum period of time (typically in days) a user's password must be in effect before the user can change it.
Rationale for non-applicability: The... |
V-36415 | Medium | The application must use multifactor authentication for network access to non-privileged accounts. | Multifactor authentication is defined as: using two or more factors to achieve authentication.
Rationale for non-applicability: The MDM server should only be accessed by authorized... |
V-36416 | Medium | Applications must enforce password maximum lifetime restrictions.
| Password maximum lifetime is defined as: the maximum period of time (typically in days) a user's password may be in effect before the user is forced to change it.
Rationale for... |
V-36417 | Medium | The application must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | To assure accountability and prevent unauthorized access, organizational users shall be identified and authenticated.
Rationale for non-applicability: The MDM server will leverage Enterprise... |
V-36410 | Medium | Applications using multifactor authentication when accessing privileged accounts via the network must provide one of the factors by a device that is separate from the information system gaining access. | Multifactor authentication is defined as: using two or more factors to achieve authentication.
Rationale for non-applicability: Authentication to the MDM server is controlled by the Enterprise... |
V-36411 | Medium | The application must support organizational requirements to enforce the number of characters that get changed when passwords are changed.
| Passwords need to be changed at specific policy based intervals.
Rationale for non-applicability: The MDM server must use the Enterprise Authentication Mechanism for administrator accounts. |
V-36412 | Medium | The application must support organizational requirements to enforce password encryption for storage.
| Applications must enforce password encryption when storing passwords. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are... |
V-36413 | Medium | The application must use multifactor authentication for local access to non-privileged accounts. | Multifactor authentication is defined as: using two or more factors to achieve authentication.
Rationale for non-applicability: The MDM server should only be accessed by authorized... |
V-36418 | Medium | The application must support organizational requirements to prohibit password reuse for the organization defined number of generations.
| Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Rationale for non-applicability: The MDM server must... |
V-36419 | Medium | The application must support and must not impede organizational requirements to conduct backups of information system documentation including security-related documentation per organization defined frequency. | Information system backup is a critical step in maintaining data assurance and availability.
Rationale for non-applicability: The MDM server does not manage documentation. Documentation is... |
V-36068 | Medium | The MDM server must validate the binding of the information producer's identity to the information.
| Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received... |
V-36146 | Medium | The MDM server must configure the mobile device agent to prohibit the download of applications on mobile operating system devices without system administrator control (i.e., the SA either downloads and installs the application or enables the user to download/install the application).
| The installation and execution of unauthorized software on an operating system may allow the application to obtain sensitive information or further compromise the system. If the system... |
V-36144 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the MDM server agent inactivity timeout (the following settings must be available, at a minimum: Disable (no timeout), 15 minutes, and 60 minutes).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36145 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set approved IP address ranges, ports, and protocols on a managed mobile device firewall.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36142 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Minimum MDM server agent password length of eight or more characters.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36143 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Maximum MDM server agent password history (3 previous passwords checked is the recommended setting).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36140 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of special characters in the MDM server agent password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36141 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Maximum MDM server agent password age (e.g., 30 days, 90 days, 180 days).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36024 | Medium | The MDM server must support administrator authentication to the server via the Enterprise Authentication Mechanism.
| In the DoD, administrator credential requirements for authentication are defined by CTO 07-115 Rev 1, which is usually enforced by the Enterprise Authentication Mechanism. Non-compliant...
V-36021 | Medium | The MDM server must monitor for unauthorized connections of mobile devices to the MDM server application.
| Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g.,... |
V-36023 | Medium | The MDM server must require a password to access the server's private keys saved in the key certificate store that meets organizationally defined network administrator password requirements.
| The cornerstone of the PKI is the private key used to encrypt or digitally sign information. Allowing unauthenticated access to private keys can enable an adversary in possession of the device to... |
V-36149 | Medium | The MDM server must configure the mobile device agent to prohibit the download of software from any source that is not DoD-approved (approved sources are, e.g., a DoD-operated mobile device application store or the MDM server).
| DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source,... |
V-36289 | Medium | The MDM server must allocate sufficient audit record storage capacity for 7 days of operation.
| Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. If auditing is not... |
V-36188 | Medium | The information system must automatically terminate emergency accounts after an organization defined time period for each type of account. | Emergency application accounts are typically created due to an unforeseen operational event or could ostensibly be used in the event of a vendor support visit where a support representative... |
V-36283 | Medium | Applications that serve to protect organizations and individuals from SPAM messages must incorporate update mechanisms that update protection mechanisms and signatures when new application releases are available, in accordance with organizational configuration management policy and procedures.
| Senders of SPAM messages are continually modifying their tactics and source email addresses in order to elude protection mechanisms. To stay up-to-date with the changing threat and to identify... |
V-36245 | Medium | The MDM server must have access to DoD root and intermediate PKI certificates when performing DoD PKI related transactions.
| DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an... |
V-36244 | Medium | The MDM server must produce, control, and distribute asymmetric cryptographic keys using NSA-approved or NIST-approved key management technology and processes.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. |
V-36247 | Medium | The MDM server PKI certificate store must encrypt contents using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired).
| If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public-keys in a way that it can trick... |
V-36246 | Medium | The application must notify the user of the number of unsuccessful login/access attempts occurring during an organization defined time period. | Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of unsuccessful attempts made to login to their account... |
V-36243 | Medium | The MDM server must produce, control, and distribute symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. |
V-36242 | Medium | The MDM server must encrypt all data in transit (e.g., mobile device encryption keys, server PKI certificates, mobile device databases) using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired).
| If data in transit is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it... |
V-36248 | Medium | In order to inform the user of the number of successful login attempts made with the user's account, the application must notify the user of the number of successful logins/accesses occurring during an organization defined time period. | Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of successful attempts made to login to their account... |
V-36368 | Medium | Applications must limit the use of resources by priority and not impede the host from servicing processes designated as a higher-priority. | Priority protection helps prevent a lower-priority process from delaying or interfering with the information system servicing any higher-priority process. This control does not apply to components... |
V-36366 | Medium | The MDM server, when used for non-local maintenance sessions, must protect those sessions through the use of a strong authenticator tightly bound to the user.
| Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. |
V-36367 | Medium | Boundary protection applications must be capable of preventing public access into the organization's internal networks except as appropriately mediated by managed interfaces. | Access into an organization's internal network and to key internal boundaries must be tightly controlled and managed. Applications monitoring and/or controlling communications at the external... |
V-36364 | Medium | Any software application designed to function as a firewall must be capable of employing a default deny all configuration. | A firewall default deny is a firewall configuration setting that will force the administrator to explicitly allow network or application traffic rather than allowing all traffic by default. The... |
V-36365 | Medium | The master AES encryption key used to encrypt data between the MDM server and the agent on the mobile device must be rotated.
| There are two primary methods for generating the encryption key used to encrypt data between the management server and the server agent installed on the mobile device. The first method is to use a... |
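V-36365 requires the server-to-agent master AES key to be rotated, and the practical difficulty is that agents do not all learn the new key at the same instant. The following is an added example, not code from the STIG or any MDM product, of the usual answer: version the key, put the version in every ciphertext header and authenticate it as AAD, and keep the previous version decryptable for a grace window while agents pick up the new key at their next policy refresh (the V-36118 interval). The header layout (4-byte version, 12-byte nonce), the grace window of one previous version and the device identifier are assumptions for the demo; key distribution to agents is out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// KeyRing holds the server side of the server-to-agent master key, one AES-256
// key per version. Every ciphertext carries the version it was produced under,
// so after a rotation the server keeps decrypting traffic from agents that have
// not yet fetched the new key, until the grace window closes.
type KeyRing struct {
	current uint32
	keys    map[uint32][]byte
	retain  int // how many previous versions stay accepted for decryption
}

func NewKeyRing(retain int) (*KeyRing, error) {
	kr := &KeyRing{keys: map[uint32][]byte{}, retain: retain}
	return kr, kr.Rotate()
}

// Rotate installs a fresh random key as the current version and retires every
// version older than the grace window.
func (kr *KeyRing) Rotate() error {
	key := make([]byte, 32) // AES-256: 128-bit is the STIG minimum, 256 the desired length
	if _, err := rand.Read(key); err != nil {
		return err
	}
	kr.current++
	kr.keys[kr.current] = key
	for v := range kr.keys {
		if kr.current-v > uint32(kr.retain) {
			delete(kr.keys, v) // a production implementation also zeroises the key material
		}
	}
	return nil
}

func (kr *KeyRing) Current() uint32 { return kr.current }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns version || nonce || ciphertext || tag under the current key.
// The version bytes are part of the authenticated data, so a message cannot be
// relabelled to force decryption under a different key version.
func (kr *KeyRing) Encrypt(plaintext, aad []byte) ([]byte, error) {
	g, err := gcmFor(kr.keys[kr.current])
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, kr.current)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, hdr...), nonce...)
	return g.Seal(out, nonce, plaintext, append(hdr, aad...)), nil
}

// Decrypt looks the key up by the version in the header; a retired version is an
// error the caller should treat as "agent must re-enrol", not as corruption.
func (kr *KeyRing) Decrypt(msg, aad []byte) ([]byte, error) {
	if len(msg) < 4 {
		return nil, errors.New("message too short")
	}
	version := binary.BigEndian.Uint32(msg[:4])
	key, ok := kr.keys[version]
	if !ok {
		return nil, fmt.Errorf("key version %d retired (current is %d): agent must re-enrol", version, kr.current)
	}
	g, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(msg) < 4+ns+g.Overhead() {
		return nil, errors.New("message too short")
	}
	hdr, nonce, ct := msg[:4], msg[4:4+ns], msg[4+ns:]
	return g.Open(nil, nonce, ct, append(append([]byte{}, hdr...), aad...))
}

func main() {
	kr, err := NewKeyRing(1) // accept the previous version during the grace window
	if err != nil {
		panic(err)
	}
	aad := []byte("device-0042") // constructed device identifier, bound as AAD
	msg, _ := kr.Encrypt([]byte("policy: camera=off passcode_min=8"), aad)
	kr.Rotate()
	pt, err := kr.Decrypt(msg, aad)
	fmt.Printf("after one rotation:  %q err=%v\n", pt, err)
	kr.Rotate()
	_, err = kr.Decrypt(msg, aad)
	fmt.Printf("after two rotations: err=%v\n", err)
}
```

Rotation is not only a compromise-recovery measure: with random 96-bit GCM nonces a single key should not be used for more than about 2^32 messages, so a busy server with thousands of agents needs a scheduled rotation regardless of any incident. Pushing the new key to agents only under the old key would let whoever holds the old key read the new one, which is why the lead-in puts distribution on the enrolment channel.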
V-36362 | Medium | Applications providing remote connectivity must prevent remote devices that have established a non-remote connection with the system from communicating outside of the communications path with resources in external networks. | This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings that are not configurable by the user of that device. An example of a... |
V-36363 | Medium | The MDM server must be able to disable services that are not required by site-defined functions.
| Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-36360 | Medium | Proxy applications must support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Proxy applications must also be configurable with organization defined lists of authorized and unauthorized websites.
| External networks are networks outside the control of the organization. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource... |
V-36361 | Medium | The MDM server must not enable information system functionality providing the capability for automatic execution of code on mobile devices without user direction.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36108 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the voice recorder.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36109 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the microphone.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36102 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Bluetooth mutual authentication immediately after the initial establishment of any Bluetooth connection between the mobile device and the smart card reader or hands free headset.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36103 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Bluetooth 128 bit encryption.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36100 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the Bluetooth discoverable mode.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36101 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Bluetooth pairing using a randomly generated passkey size of at least 8 digits.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36106 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the IR port.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36107 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable Wi-Fi.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36104 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set up a white list of Bluetooth devices that are authorized to pair to the mobile device (white list filters based on device Friendly Name).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36105 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable MMS messaging.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36077 | Medium | The MDM server must preserve organization defined system state information in the event of a system failure.
| Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality,... |
V-36074 | Medium | The MDM server must enforce the organization defined time period during which the limit of consecutive invalid access attempts by an administrator is counted.
| By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. |
V-36073 | Medium | The MDM server must disable the use of organization defined networking protocols within the operating system deemed to be non-secure except for explicitly identified components in support of specific operational requirements.
| Some networking protocols may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking... |
V-36070 | Medium | The MDM server must automatically audit administrator account disabling actions.
| When accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying processes themselves. In order to detect and... |
V-36078 | Medium | The MDM server must notify appropriate individuals when administrator accounts are created.
| Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply... |
V-36079 | Medium | The MDM server must notify, as required, appropriate individuals when administrator accounts are modified.
| Monitoring account modification is critical to ensure only appropriate personnel have access to the MDM server. This reduces the possibility that an account will be given more access than is... |
V-36177 | Medium | The MDM server device integrity validation component must support organizational requirements to address the receipt of false positives during malicious code detection.
| In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes... |
V-36176 | Medium | The application must prevent the execution of prohibited mobile code. | Decisions regarding the utilization of mobile code within organizational information systems needs to include evaluations which help determine the potential for the code to cause damage to the... |
V-36171 | Medium | The MDM server must record an event in the server audit log if a success acknowledgement is not received from the MDM server agent after a device security policy has been pushed to a managed mobile device.
| When the MDM server transfers policies, there is the chance an error or problem with the data transfer may occur. The MDM server needs to track failures and any problems encountered when... |
V-36089 | Medium | The MDM server must be configured to have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Removable storage media cards are bound to the mobile device so data stored on them can only be read by that mobile device.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36088 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Perform a Data Wipe function whereby all data stored in user addressable memory on the mobile device and the removable memory card is erased when the maximum number of incorrect passwords for device unlock has been reached.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36082 | Medium | The MDM server must accept alerts of certificate failures related to digital signatures on software applications or components on managed mobile devices.
| A certificate failure related to a digital signature on software applications or components is strong evidence of a system breach. Notifying the MDM server of such an occurrence allows the... |
V-36081 | Medium | The MDM server must notify appropriate individuals when administrator accounts are terminated.
| When MDM server accounts are terminated, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes... |
V-36080 | Medium | The MDM server must notify, as required, appropriate individuals when administrator accounts are disabled.
| Monitoring account disabling is critical to ensure a denial of service situation does not exist on the operating system. An unexpected account deletion can also be a sign that there is a rogue... |
V-36087 | Medium | The MDM server must be configured to have the administrative functionality to centrally manage configuration settings, including security policies, on managed mobile devices.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36086 | Medium | The MDM server must be configured to provide the administrative functionality to transmit a remote Data Wipe command, including removable media cards, to a managed mobile device.
| Without a Data Wipe capability, the data on the mobile device can be compromised in the event of a lost or stolen device. |
V-36084 | Medium | The MDM server must deploy operating system and application updates via over-the-air (OTA) provisioning for managed mobile devices.
| Without the MDM server capability to deploy operating systems and application updates OTA, it is possible for the mobile devices under the MDM server's control to be susceptible to a zero day... |
V-36321 | Medium | The application must perform data origin authentication and data integrity verification on all resolution responses received whether or not local client systems explicitly request this service. | A recursive resolving or caching Domain Name System (DNS) server is an example of an information system providing name/address resolution service for local clients.
Rationale for... |
V-36326 | Medium | Applications, when operating as part of a distributed, hierarchical namespace, must provide the means to indicate the security status of child subspaces and (if the child supports secure resolution services) enable verification of a chain of trust among parent and child domains.
| This control enables remote clients to obtain origin authentication and integrity verification assurances for the host/service name to network address resolution information obtained through the... |
V-36327 | Medium | The application must provide additional data origin and integrity artifacts along with the authoritative data the system returns in response to name/address resolution queries. | This control enables remote clients to obtain origin authentication and integrity verification assurances for the host/service name to network address resolution information obtained through the... |
V-36324 | Medium | The application must perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources when requested by client systems.
| A recursive resolving or caching Domain Name System (DNS) server is an example of an information system providing name/address resolution service for local clients. |
V-36325 | Medium | The MDM server must record an event in audit log each time the server makes a security relevant configuration change on a managed mobile device.
| Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. ... |
V-36281 | Medium | Applications that are utilized to address the issue of SPAM and provide protection from SPAM must automatically update any and all SPAM protection measures including signature definitions. | Originators of SPAM emails are constantly changing their source email addresses in order to defeat SPAM countermeasures; therefore, SPAM software must be constantly updated to address the changing... |
V-36328 | Medium | The MDM server must employ cryptographic mechanisms to protect the integrity and confidentiality for all audit logs managed by the server.
| The integrity of server audit logs and managed device audit logs is vital to the security baseline of the server and network. Otherwise, critical audit event information could be compromised. |
V-36329 | Medium | Applications designed to enforce policy pertaining to the use of mobile code must prevent the automatic execution of mobile code in organization defined software applications and require organization defined actions prior to executing the code. | Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale... |
V-36287 | Medium | The application must enforce organizational requirements to protect information obtained from intrusion monitoring tools from unauthorized access, modification, and deletion. | Intrusion monitoring applications are by their nature designed to monitor and record network and system traffic and activity. They can accumulate a significant amount of sensitive data, examples... |
V-36286 | Medium | For those instances where the organization requires encrypted traffic to be visible to information system monitoring tools, the application transmitting the encrypted traffic must make provisions to allow that traffic to be visible to specific system monitoring. | There is a recognized need to balance encrypting traffic versus the need to have insight into the traffic from a monitoring perspective.
Rationale for non-applicability: The MDM server traffic... |
V-36354 | Medium | The MDM server must establish a trusted communications path between the Administrator and the systems authentication mechanism.
| Without a trusted communication path, the MDM server is vulnerable to a man-in-the-middle attack. |
V-36353 | Medium | Applications functioning in the capacity of a firewall must check incoming communications to ensure the communications are coming from an authorized source and routed to an authorized destination. | In regards to boundary controls such as routers and firewalls, examples of restricting and prohibiting communications are: restricting external web traffic only to organizational web servers... |
V-36351 | Medium | Boundary protection applications must prevent discovery of specific system components (or devices) composing a managed interface. | Firewall control requirement for isolating and preventing the discovery of management interfaces. This control enhancement is intended to protect the network addresses of information system... |
V-36219 | Medium | If the MDM server includes a mobile email management capability, the email client must encrypt all email using a FIPS 140-2 validated encryption algorithm.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36216 | Medium | If the MDM server includes a mobile email management capability, the email client must give the user the option to deny acceptance of a certificate if the mobile email client determines the CRL of the certificate is unverified.
| If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
V-36217 | Medium | If the MDM server includes a mobile email management capability, the email client must alert the user if it receives an unverified public-key certificate.
| If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
V-36214 | Medium | If the MDM server includes a mobile email management capability, the email client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate uses a non-FIPS approved algorithm.
| When the operating system accepts the use of invalid certificates, there is the potential that the system or object presenting the certificate is malicious, and can compromise sensitive... |
V-36215 | Medium | If the MDM server includes a mobile email management capability, the email client must alert the user if the certificate uses an unverified CRL.
| If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
V-36212 | Medium | If the MDM server includes a mobile email management capability, the email client must alert the user if it receives a public-key certificate with a non-FIPS approved algorithm.
| If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
V-36213 | Medium | The application must dynamically reconfigure security attributes in accordance with an identified security policy as information is created and combined. | Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information.
Rationale for... |
V-36358 | Medium | Applications performing extrusion detection must be capable of denying network traffic and auditing internal users (or malicious code) posing a threat to external information systems. | Detecting internal actions that may pose a security threat to external information systems is sometimes termed extrusion detection. Extrusion detection at the information system boundary includes... |
V-36421 | Medium | Applications providing flow control must identify data type, specification and usage when transferring information between different security domains so that policy restrictions may be applied.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36420 | Medium | The application must support organizational requirements to enforce minimum password length.
| Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Rationale for non-applicability: The MDM server must... |
V-36423 | Medium | Applications must adhere to the principles of least functionality by providing only essential capabilities. | Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-36422 | Medium | Backup / Disaster Recovery oriented applications must be capable of backing up user-level information per a defined frequency. | Information system backup is a critical step in maintaining data assurance and availability.
Rationale for non-applicability: The MDM server is not a Backup / Disaster Recovery oriented... |
V-36425 | Medium | Applications must provide the ability to enforce security policies regarding information on interconnected systems.
| The application enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.
Rationale for... |
V-36424 | Medium | Applications, when transferring information between different security domains, must decompose information into policy-relevant subcomponents for submission to policy enforcement mechanisms.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36427 | Medium | The application must bind security attributes to information to facilitate information flow policy enforcement.
| The application enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy. Information flow... |
V-36426 | Medium | The MDM server must have the capability to use automated mechanisms to centrally apply configuration settings to managed mobile devices. | Configuration settings are the configurable security-related parameters of the operating system.
Rationale for non-applicability: This vulnerability is better addressed by CCI-000370. |
V-36429 | Medium | Applications must be able to function within separate processing domains (virtualized systems), when specified, so as to enable finer-grained allocation of user privileges.
| Applications must employ the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in... |
V-36428 | Medium | The application must support the enforcement of a two-person rule for changes to organization defined application components and system-level information. | Regarding access restrictions for changes made to organization defined information system components and system level information. Any changes to the hardware, software, and/or firmware... |
V-36133 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: When a mobile device lock occurs (user initiated or due to an inactivity timeout) all data must be re-encrypted.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36132 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of incorrect password attempts before a data wipe procedure is initiated (minimum requirement is 3-10).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36131 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Perform a Data Wipe function whereby all data stored in the security container is erased when the maximum number of incorrect passwords for the security container application has been reached.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36137 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disallow common password patterns for the MDM server agent password (e.g., letters in order from the top row of the keypad).
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36135 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable an MDM server agent password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36134 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: All data-at-rest inside the MDM server agent must be encrypted.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36030 | Medium | The host server where the MDM server components are installed must be hardened according to the appropriate Application and OS STIGs (Windows, SQL, Apache Web Server, Apache Tomcat, IIS, etc.).
| The host server where the MDM server components are installed must be compliant with the Windows STIG and applicable application STIGs to ensure the system is not vulnerable to attack resulting in... |
V-36211 | Medium | If the MDM server includes a mobile email management capability, the email client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is unverified.
| When the operating system accepts the use of invalid certificates, there is the potential that the system or object presenting the certificate is malicious, and can compromise sensitive... |
V-36036 | Medium | The MDM server must conduct backups of system-level information contained in the information system per organization defined frequency to conduct backups that are consistent with recovery time and recovery point objectives.
| MDM server backup is a critical step in maintaining data assurance and availability. Without available back up data to restore a system in the event of a system failure, the system may be... |
V-36034 | Medium | The MDM server must disable network access by unauthorized server components or notify designated organizational officials.
| Maintaining system and network integrity requires that all systems on the network be identified and accounted for. Without an accurate accounting of systems utilizing the network, the opportunity... |
V-36035 | Medium | The MDM server data must be backed up per a defined frequency.
| Information system backup is a critical step in maintaining data assurance and availability.
User-level information is data generated by information system and/or application users. In order to... |
V-36059 | Medium | The MDM server must protect the confidentiality and integrity of information at rest.
| This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers... |
V-36046 | Medium | The MDM server must use organizational requirements to employ cryptographic mechanisms to protect information in storage.
| When data is written to digital media, there is risk of loss of data along with integrity and data confidentiality. An organizational assessment of risk guides the selection of media and... |
V-36045 | Medium | The MDM server must terminate all sessions and network connections when non-local maintenance is completed.
| In the event the remote node has abnormally terminated or an upstream link from the MDM server is down, the management session will be terminated, thereby freeing device resources and... |
V-36043 | Medium | The PKI key store of the MDM server must be FIPS validated.
| MDM server applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies,... |
V-36336 | Medium | Software and/or firmware used for collaborative computing devices must prohibit remote activation excluding the organization defined exceptions where remote activation is to be allowed. | Collaborative computing devices include networked white boards, cameras, and microphones. Collaborative software examples include instant messaging or chat clients.
Rationale for... |
V-36050 | Medium | The MDM server must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms, such as TLS, SSL VPN, or IPSEC tunnel.
| Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during... |
V-36218 | Medium | If the MDM server includes a mobile email management capability, all email (including email attachments) sent over the wireless link from the mobile email client to the MDM server mobile email management component located on the DoD network must be encrypted using AES. AES 128 bit encryption key length is the minimum requirement; AES 256 desired.
| If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public-keys in a way that it can trick... |
V-36253 | Medium | Applications must uniquely identify source domains for information transfer. | The application enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.
Rationale for... |
V-36251 | Medium | Applications must uniquely authenticate source domains for information transfer. | The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.... |
V-36256 | Medium | The MDM server must encrypt all key data items (e.g., mobile device encryption keys, server PKI certificates, mobile device data bases) saved in memory using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired).
| If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly,... |
V-36257 | Medium | Applications must provide the ability to prohibit the transfer of unsanctioned information in accordance with security policy. | The application enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.
Rationale for... |
V-36255 | Medium | The MDM server must support organizational requirements to issue public-key certificates under an appropriate certificate policy or obtain public-key certificates under an appropriate certificate policy from an approved service provider.
| Only DoD PKI issued or approved software authentication certificates must be installed on DoD mobile operating system devices. Without this, trust paths would be broken, which could lead to... |
V-36259 | Medium | Applications designed to control information flow must provide the ability to detect unsanctioned information being transmitted across security domains. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36318 | Medium | Applications that collectively provide name/address resolution service for an organization must implement internal/external role separation. | A Domain Name System (DNS) server is an example of an information system providing name/address resolution service. To eliminate single points of failure and to enhance redundancy, there are... |
V-36311 | Medium | Applications must, for organization defined information system components, load and execute the operating environment from hardware-enforced, read-only media. | Organizations may require the information system to load the operating environment from hardware enforced read-only media. The term operating environment is defined as the code upon which... |
V-36316 | Medium | The MDM server must protect audit information from unauthorized deletion.
| If audit data were to become compromised then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. |
V-36315 | Medium | Only a Honey Pot information system and/or application must include components that proactively seek to identify web-based malicious code. Honey Pot systems must not be shared or used for any purpose other than described. | A Honey Pot is an organization designated information system and/or application that includes components specifically designed to be the target of malicious attacks for the purpose of detecting,... |
V-36314 | Medium | The MDM server must protect audit information from unauthorized modification.
| If audit data were to become compromised then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. |
V-36130 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of numbers in the device unlock password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36136 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disallow sequential numbers in the MDM server agent password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36392 | Medium | Applications providing information flow control must provide the capability for privileged administrators to enable/disable security policy filters.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36139 | Medium | The MDM server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of numbers in the MDM server agent password.
| Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-36225 | Medium | If the MDM server includes a mobile email management capability, the email client S/MIME cryptographic module must be FIPS 140-2 validated.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36224 | Medium | If the MDM server includes a mobile email management capability, the email client S/MIME encryption algorithm must be 3DES or AES. When AES is used, AES 128 bit encryption key length is the minimum requirement; AES 256 desired.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36222 | Medium | Applications must notify users of organization defined security-related changes to the user's account occurring during the organization defined time period.
| Some organizations may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of... |
V-36221 | Medium | Applications providing information flow control must enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36220 | Medium | If the MDM server includes a mobile email management capability, the email client must be capable of providing S/MIME v3 (or later version) encryption of email.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36394 | Medium | Applications providing information flow controls must provide the capability for privileged administrators to configure security policy filters to support different organizational security policies.
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
V-36229 | Medium | If the MDM server includes a mobile email management capability, the email client must provide the mobile device user the capability to digitally sign and/or encrypt outgoing email messages using software or hardware based digital certificates.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36228 | Medium | If the MDM server includes a mobile email management capability, the email client must set the Smart Card or Certificate Store Password caching timeout period from at least 15 to 120 minutes, if Smart Card or Certificate Store Password caching is available.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36168 | Medium | The MDM server must use cryptography to protect the integrity of remote access sessions with managed mobile devices.
| Encryption is critical for the protection of the remote access sessions. If the encryption is not being used for integrity, malicious users may gain the ability to modify the MDM server. The use... |
V-36169 | Medium | Applications managing network connectivity must have the capability to authenticate devices before establishing network connections by using bidirectional authentication that is cryptographically based. | Device authentication is a solution enabling an organization to manage both users and devices. Rationale for non-applicability: This requirement is included in SRG-APP-197-MDM server-159-MDM server |
V-36167 | Medium | The MDM server must provide automated support for the management of distributed security testing on managed mobile devices.
| The need to verify security functionality is necessary to ensure the MDM server is behaving as expected and the defenses are enabled. To scale the deployment of the verification process, the MDM... |
V-36160 | Medium | Applications providing remote access capabilities must utilize approved cryptography to protect the confidentiality of remote access sessions. | Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the... |
V-36161 | Medium | The MDM server must ensure authentication of both mobile device MDM server agent and server during the entire session.
| The MDM server can be prone to man-in-the-middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of SSL Mutual Authentication authenticity... |
V-36162 | Medium | The MDM server must support organizational requirements to install software updates automatically on managed mobile devices.
| Security faults with software applications and operating systems are discovered daily and vendors are constantly updating and patching their products to address newly discovered security... |
V-36163 | Medium | The application must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Remote network access is accomplished by leveraging common communication protocols and establishing a remote connection. These connections will occur over the public Internet. Remote access is... |
V-36296 | Low | The MDM server must provide a warning when allocated audit record storage volume reaches an organization defined percentage of maximum audit record storage capacity.
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs when storage capacity is reached. Notification of the storage condition will allow... |
V-36294 | Low | The MDM server must overwrite the oldest audit log entries when audit logs reach capacity.
| It is critical that when a system is at risk of failing to process audit logs as required, it detects and takes action to mitigate the failure. Overwriting the oldest audit log entries is the... |
V-36292 | Low | The MDM server must alert designated organizational officials in the event of an audit processing failure.
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures... |
V-36290 | Low | The MDM server must send alerts to the administrator or the organization's central audit management system when the audit log size reaches an organization defined critical percentage of capacity and full capacity.
| MDM server auditing capability is critical for accurate forensic analysis. Alerting administrators when audit log size thresholds are exceeded helps ensure the administrators can respond to heavy... |
V-36299 | Low | The MDM server must provide a real-time alert when organization defined audit failure events occur.
| It is critical for the appropriate personnel to be aware if a system is at risk of failing due to an audit failure event. Notification of the event will allow administrators to take actions so... |
V-36055 | Low | The MDM server must protect the integrity and availability of publicly available information and applications.
| The MDM server may provide information that has to be made publicly available, therefore security of the MDM server system is paramount to protect the integrity and availability of the MDM server... |
V-36199 | Low | If the MDM server includes a mobile email management capability, the email client must notify the user if it cannot verify the revocation status of the certificate.
| If the user is aware that the revocation status of a certificate could not be verified, the user is better prepared to identify suspicious behavior that indicates an IA incident is in progress. ... |
V-36278 | Low | The MDM server must produce audit records containing sufficient information to establish the sources of the events.
| MDM server auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, for example, timestamps,... |
V-36308 | Low | The MDM server must automatically process audit records for events of interest based upon selectable, event criteria.
| Due to the numerous functions an MDM server implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, the more log data is... |
V-36302 | Low | The MDM server must utilize the integration of audit review, analysis, and reporting processes by an organization's central audit management system to support organizational processes for investigation and response to suspicious activities.
| Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what attempted to be done, where it was done, when it was... |
V-36305 | Low | The MDM server must support an audit reduction capability.
| Audit reduction is used to reduce the volume of audit records in order to facilitate manual review. Before a security review, information systems and/or applications with an audit reduction... |
V-36307 | Low | The MDM server audit records must be able to be used by a report generation capability.
| Due to the numerous functions an MDM server implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, the more log data is... |
V-36235 | Low | If the MDM server includes a mobile email management capability, the email client must either block or convert all active content in email (HTML, RTF, etc.) to text before the email is forwarded to the mobile device.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36236 | Low | If the MDM server includes a mobile email management capability, the email client must support SHA2 signature verification.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data... |
V-36237 | Low | If the MDM server includes a mobile email management capability, all email sent to the mobile device must be managed by the MDM server mobile email component. Desktop or Internet controlled email redirection are not authorized.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data... |
V-36232 | Low | If the MDM server includes a mobile email management capability, the email client must provide a noticeable warning to the user if the CRL, SCVP, or OCSP server cannot be contacted or the revocation data provided cannot be verified.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36233 | Low | If the MDM server includes a mobile email management capability, the email client must support retrieving encryption certificates not stored in the local trust anchor store for S/MIME purposes.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36239 | Low | The MDM server must query the certification authority to determine whether a public-key certificate has been revoked before accepting the certificate for authentication purposes.
| Failure to verify a certificate's revocation status can result in the system accepting a revoked, and therefore unauthorized, certificate. This could result in the installation of unauthorized... |
V-36011 | Low | The MDM server must display an approved system use notification message or banner before granting access to the system.
| Applications are required to display an approved system use notification message or banner before granting access to the system providing privacy and security notices consistent with applicable... |
V-36012 | Low | The MDM server must retain the logon banner on the screen unless the administrator takes explicit actions to logon to the server.
| To establish acceptance of system usage policy, a click-through banner at application logon is required. The banner shall prevent further activity on the application unless and until the user... |
V-36013 | Low | The MDM server, upon successful logon, must display to the administrator the date and time of the last logon (access).
| MDM server users need to be very vigilant in maintaining situational awareness of activity that occurs regarding their accounts. Providing them with information regarding the date and time of... |
V-36014 | Low | The MDM server, before or upon successful unlock, must display to the administrator the number of unsuccessful unlock attempts since the last successful unlock.
| MDM server users need to be very vigilant in maintaining situational awareness of activity that occurs regarding their accounts. Providing them with information regarding the date and time of... |
V-36273 | Low | The MDM server must produce audit records containing the severity level of each recorded event.
| MDM server auditing capability is critical for accurate forensic analysis. Event severity levels allow system administrators and IA personnel to more easily identify critical system issues and... |
V-36275 | Low | The MDM server must include date and timestamps in each event recorded in audit logs.
| MDM server auditing capability is critical for accurate forensic analysis. The inclusion of timestamps better enables correlation of events across disparate systems, which can be critical to... |
V-36276 | Low | The MDM server must include the software component (e.g., administration module, mobile device security policy module, etc.) that generated each event recorded in audit logs.
| MDM server auditing capability is critical for accurate forensic analysis. The inclusion of the software component that generated each event in the audit logs enables system administrators and IA... |
V-36069 | Low | The MDM server must display an approved system use notification message or banner before granting access to the system.
| If the MDM server does not display an appropriate warning display, the organization may not be able to take appropriate legal action in the case of a system compromise. |
V-36060 | Low | The MDM server must protect the integrity of information during the processes of data aggregation, packaging, and transformation in preparation for transmission.
| Information can be subjected to unauthorized changes (e.g., malicious and/or unintentional modification) at information aggregation or protocol transformation points. It is therefore imperative... |
V-36065 | Low | The MDM server must identify potentially security relevant error conditions on the server.
| Error messages generated by the MDM server can indicate a possible security violation or breach. The MDM server system must be configured to be able to recognize those error messages that can be... |
V-36067 | Low | The MDM server must activate an organization defined alarm and/or automatically shut down the server, if a server component failure is detected.
| Predictable failure prevention requires organizational planning to address system failure issues. Since the MDM server is key to maintaining security, if it fails to function, the system could... |
V-36066 | Low | The MDM server must reveal error messages only to authorized personnel.
| If the MDM server provides too much information in error logs and administrative messages to the screen, it could lead to compromise. The structure and content of error messages need to be... |
V-36333 | Low | The MDM server must produce a system-wide (logical or physical) audit trail composed of audit records in a standardized format.
| Audit records can be generated from various components within the MDM server. The list of audited events is the set of events for which audits are to be generated. This set of events is... |
V-36201 | Low | If the MDM server includes a mobile email management capability, the email client must give the user the option to deny acceptance of a certificate if it cannot verify the certificate's revocation status.
| When additional assurance is required, the system should deny acceptance of a certificate if it cannot verify its revocation status. Otherwise, there is the potential that it is accepting the... |
V-36209 | Low | If the MDM server includes a mobile email management capability, the email client must not accept certificate revocation information without verifying its authenticity.
| If the operating system does not verify the authenticity of revocation information, there is the potential that an unauthorized system is providing false information. Acceptance of the false... |
V-36026 | Low | The MDM server must obscure a password when it is entered on the server.
| To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the MDM server shall not provide any information that would allow an... |
V-36323 | Low | The MDM server must record an event in the device audit log each time the server is started.
| Some MDM server system features, including security enforcement, may only be modified when the MDM server application is not running. Logging startup events provides valuable information on system... |
V-36241 | Low | The MDM server must ensure that PKI-based authentication maps the authenticated identity to the user account.
| The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. The... |
V-36240 | Low | The MDM server must verify all digital certificates in the certificate chain when performing PKI transactions.
| If an adversary is able to compromise one of the certificates in the certificate chain, the adversary may be able to sign lower level certificates in the chain. This would enable the adversary to... |
V-36249 | Low | The MDM server must implement required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36076 | Low | The MDM server must ensure unauthorized, security relevant configuration changes are tracked if detected.
| Uncoordinated or incorrect configuration changes to MDM server can potentially lead to outages and possibly compromises. Configuration changes must be tracked and detected to prevent these... |
V-36075 | Low | The MDM server must limit privileges to change software resident within software libraries (including privileged programs).
| Any changes to the MDM server software can potentially have significant effects on the overall security and functionality of the system. Therefore, only qualified and authorized individuals... |
V-36072 | Low | The MDM server must display to the administrator the identity of the entity that signed the downloaded software before installing the software.
| The user provides an important line of defense in protecting the system against the installation of malicious software. It is more likely that software will be installed from unknown sources if... |
V-36071 | Low | The MDM server must only allow authorized entities to change security attributes.
| Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects, objects) with respect to safeguarding information. These attributes are... |
V-36322 | Low | The MDM server must support the capability to compile audit records from multiple components within the server into a system-wide (logical or physical) audit trail that is time-correlated to within an organization defined level of tolerance for the relationship between time stamps of individual records in the audit trail.
| Audit generation and audit records can be generated from various components within the MDM server. The list of audited events is the set of events for which audits are to be generated. This set... |
V-36320 | Low | The MDM server must generate audit records for the DoD-required auditable events.
| The DoD-required auditable events are events that assist in intrusion detection and forensic analysis. Failure to capture them increases the likelihood that an adversary can breach the system... |
V-36280 | Low | The MDM server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.
| MDM server auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, for example, timestamps,... |
V-36357 | Low | The MDM server must respond to security function anomalies in accordance with organization defined responses and alternative action(s).
| The MDM server is the collection point for many of the security function anomalies both for the mobile devices it manages, as well as the MDM server application itself. Without response to... |
V-36356 | Low | The MDM server application must generate unique session identifiers with organization defined randomness requirements.
| This requirement focuses on communications protection at the application session, versus network packet level. The intent of this control is to establish grounds for confidence at each end of a... |
V-36355 | Low | The MDM server application must generate a unique session identifier for each session.
| This requirement focuses on communications protection at the application session, versus network packet level. The intent of this control is to establish grounds for confidence at each end of a... |
V-36352 | Low | The MDM server must separate the security functions between the management of the server itself, and the management of the mobile device.
| Security functions are defined as "the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and... |
V-36359 | Low | The MDM server application must recognize only system-generated session identifiers.
| This requirement focuses on communications protection at the application session, versus network packet level. The intent of this control is to establish grounds for confidence at each end of a... |
V-36210 | Low | If the MDM server includes a mobile email management capability, the email client must verify all digital certificates in the certificate chain when performing PKI transactions.
| If an adversary is able to compromise one of the certificates in the certificate chain, the adversary may be able to sign lower level certificates in the chain. This would enable the adversary to... |
V-36049 | Low | The MDM server must be configured so the connection between the MDM server and the mobile device is initiated based on an out-bound connection request from the MDM server only.
| By configuring the MDM server to connect to the mobile device on an out-bound connection, the traffic is segregated, which makes it more difficult for an intruder to compromise the device management... |
V-36047 | Low | The MDM server must prevent unauthorized and unintended access to shared system resources by applications on managed mobile devices.
| The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on... |
V-36051 | Low | The MDM server must terminate the network connection associated with a communications session at the end of the session or after an organization defined time period of inactivity.
| If communications sessions remain open for extended periods of time even when unused, there is the potential for an adversary to hijack the session and use it to gain access to the device or... |
V-36252 | Low | The MDM server must associate digital certificates used to sign applications, security policies, etc., with information exchanged between information systems.
| When data is exchanged between information systems, the security attributes associated with said data need to be maintained. If the associated keys are disrupted, application integrity is lost. |
V-36250 | Low | If the MDM server includes a mobile email management capability, the email client must support the capability to enable or disable contact list data elements transferred to the phone application.
| The contact list data elements may contain sensitive or PII information, therefore, the data elements accessed outside the security container must be limited so sensitive data is not exposed. |
V-36254 | Low | The MDM server must validate the integrity of digital certificates exchanged between systems.
| When data is exchanged between information systems, the security attributes associated with said data need to be maintained. If the associated keys are disrupted, application integrity is lost. |
V-36319 | Low | The MDM server must allow designated administrators to select which auditable events are to be audited by the server.
| The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of... |
V-36313 | Low | The MDM server must protect audit information from unauthorized read access.
| Audit data is considered sensitive, and is intended to be read by the System Administrator only. Allowing non-administrators access to this data could expose vulnerabilities in the system. |
V-36312 | Low | The MDM server must synchronize internal information system clocks with United States Naval Observatory (USNO) or other DoD-approved time servers at least once every 24 hours.
| Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Periodically synchronizing internal... |
V-36310 | Low | The MDM server must use internal system clocks to generate timestamps for audit records.
| Determining the correct time a particular event occurred within the MDM server architecture is critical when conducting forensic analysis and investigating system events. Without the use of an... |
V-36317 | Low | The MDM server must provide audit record generation capability for the auditable events defined at the organizational level for defined information system components.
| The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of... |
V-36227 | Low | If the MDM server includes a mobile email management capability, the email client must cache the certificate status of signed emails that have been received on the handheld device for a period not extending beyond the expiration period of the revocation data.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36226 | Low | If the MDM server includes a mobile email management capability, the email client must provide the mobile device user the capability to save public certificates of contacts in the contact object.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-36223 | Low | If the MDM server includes a mobile email management capability, the email client S/MIME must be fully interoperable with DoD PKI and CAC/PIV. CAC/PIV (hard token) and PKCS#12 (soft token) certificate stores must be supported.
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |