The MDM server must validate the binding of the information producers identity to the information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36068	SRG-APP-082-MDM-064-SRV	SV-47459r1_rule		Medium

Description
Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. For the MDM server, this requirement applies for software updates or applications pushed from the server to managed devices. The MDM server must validate the origin of software updates and applications.

Description

Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. For the MDM server, this requirement applies for software updates or applications pushed from the server to managed devices. The MDM server must validate the origin of software updates and applications.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44307r1_chk )
Review the MDM server configuration to determine whether the digital signatures on software components and applications are being validated. If the system fails this test or documentation or configuration shows that the capability is not present, this is a finding.

Fix Text (F-40598r1_fix)
Configure the MDM server to validate the digital signature on signed software components or applications.