Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must display to the administrator the identity of the entity that signed the downloaded software before installing the software.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36072 | SRG-APP-013-MDM-072-SRV | SV-47463r1_rule | Low |
| Description |
|---|
| The user provides an important line of defense in protecting the system against the installation of malicious software. It is more likely that software will be installed from unknown sources if the user is unaware of the transactions. Revealing the signatory of downloaded software to the user enables the user to identify rogue or suspect sources prior to installation, and possibly abort the transaction or report the concern to the IAO. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44311r1_chk ) |
|---|
| Review the MDM server configuration to ensure downloaded software displays the signed identity of the package to the administrator prior to installation. If the software does not display the signed identity, this is a finding. |
| Fix Text (F-40602r1_fix) |
|---|
| Configure the MDM server to display to the user the identity of the entity that signed a downloaded application before installing the application. |