The MDM server must configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or MDM server).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36149	SRG-APP-135-MDM-149-MDM	SV-47553r1_rule		Medium

Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.

Description

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44389r1_chk )
Review the MDM server configuration to ensure the MDM server can configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or MDM server). If this function is not present, this is a finding.

Fix Text (F-40679r1_fix)
Configure the MDM server so the mobile device agent is configured to prohibit the download of software from a DoD non-approved source.