The MDM server must protect against an individual falsely denying having performed a particular action.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36022	SRG-APP-080-MDM-019-SRV	SV-47411r1_rule		Medium

Description
Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. When non-repudiation techniques are not employed, high assurance that an individual performed a specific action cannot be guaranteed and the individual can falsely deny having performed such action and therefore, be held unaccountable. Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document.

Description

Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. When non-repudiation techniques are not employed, high assurance that an individual performed a specific action cannot be guaranteed and the individual can falsely deny having performed such action and therefore, be held unaccountable. Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44261r1_chk )
Review the MDM server configuration to determine whether the system is protecting against an individual falsely denying having performed a particular action. If the system is not performing this function, this is a finding.

Fix Text (F-40552r1_fix)
Configure the MDM server to protect against an individual falsely denying having performed a particular action.