The MDM server must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms, such as TLS, SSL VPN, or IPSEC tunnel.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36050 | SRG-APP-230-MDM-046-SRV | SV-47439r1_rule | Medium |
| Description |
|---|
| Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS), SSL VPN, or IPSEC tunnel. Without these cryptographic mechanisms, the data could be disclosed to unauthorized users or processes during aggregation, packaging, and transformation in preparation for transmission. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44289r1_chk ) |
|---|
| Review the MDM server configuration to determine the functionality exists to maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, the MDM server needs to leverage transmission protection mechanisms, such as TLS, SSL VPN, or IPSEC tunnel. If the MDM server is not configured to use this functionality, this is a finding. |
| Fix Text (F-40580r1_fix) |
|---|
| Configure the MDM server to leverage transmission protection mechanisms, such as TLS, SSL VPN, or IPSEC tunnel when transmitting data. |