UCF STIG Viewer Logo

The MDM server must provide the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36150 SRG-APP-135-MDM-150-MDM SV-47554r1_rule Medium
Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores. In some cases, some applications are required for secure operation of the mobile devices controlled by the MDM server. In these cases, the ability for users to remove the application is needed as to ensure proper secure operations of the device.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44390r1_chk )
Review the MDM server configuration to determine whether there is administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user. If this function is not present, this is a finding.
Fix Text (F-40680r1_fix)
Configure the MDM server so it has the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user.