The MDM server must prevent unauthorized and unintended access to shared system resources by applications on managed mobile devices.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36047	SRG-APP-243-MDM-043-MDM	SV-47436r1_rule		Low

Description
The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Control of information in shared resources is also referred to as object reuse. This prevents inadvertent data disclosure from one process to another.

Description

The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Control of information in shared resources is also referred to as object reuse. This prevents inadvertent data disclosure from one process to another.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44286r1_chk )
Review the MDM server configuration to determine whether the system supports multiple user environments. If it does, verify the system has controls for preventing DoD applications from accessing non-DoD data. Attempt to access non-DoD data from the MDM server. If it is feasible to do so, this is a finding.

Fix Text (F-40577r1_fix)
Configure the MDM server to prevent DoD applications from accessing non-DoD data.