The MDM server device integrity scanning component must implement detection and inspection mechanisms to identify unauthorized mobile code on managed mobile devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36173 | SRG-APP-206-MDM-169-MDIS | SV-47577r1_rule | High |
| Description |
|---|
| Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code can contain malicious code and be executed without the user's consent. When the MDM server scans and detects mobile code, this risk can be mitigated. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44413r1_chk ) |
|---|
| Review the MDM server configuration to ensure the MDM server device integrity validation component implements detection and inspection mechanisms to identify unauthorized mobile code on managed mobile devices. If this function is not configured, this is a finding. |
| Fix Text (F-40703r1_fix) |
|---|
| Configure the MDM server device integrity validation component to implement detection and inspection mechanisms to identify unauthorized mobile code on managed mobile devices. |