The MDM server must display to the administrator the identity of the entity that signed the downloaded software before installing the software.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36072	SRG-APP-013-MDM-072-SRV	SV-47463r1_rule		Low

Description
The user provides an important line of defense in protecting the system against the installation of malicious software. It is more likely that software will be installed from unknown sources if the user is unaware of the transactions. Revealing the signatory of downloaded software to the user enables the user to identify rogue or suspect sources prior to installation, and possibly abort the transaction or report the concern to the IAO.

Description

The user provides an important line of defense in protecting the system against the installation of malicious software. It is more likely that software will be installed from unknown sources if the user is unaware of the transactions. Revealing the signatory of downloaded software to the user enables the user to identify rogue or suspect sources prior to installation, and possibly abort the transaction or report the concern to the IAO.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44311r1_chk )
Review the MDM server configuration to ensure downloaded software displays the signed identity of the package to the administrator prior to installation. If the software does not display the signed identity, this is a finding.

Fix Text (F-40602r1_fix)
Configure the MDM server to display to the user the identity of the entity that signed a downloaded application before installing the application.