Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must validate the binding of the information producers identity to the information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36068 | SRG-APP-082-MDM-064-SRV | SV-47459r1_rule | Medium |
| Description |
|---|
| Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. For the MDM server, this requirement applies for software updates or applications pushed from the server to managed devices. The MDM server must validate the origin of software updates and applications. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44307r1_chk ) |
|---|
| Review the MDM server configuration to determine whether the digital signatures on software components and applications are being validated. If the system fails this test or documentation or configuration shows that the capability is not present, this is a finding. |
| Fix Text (F-40598r1_fix) |
|---|
| Configure the MDM server to validate the digital signature on signed software components or applications. |