
If the MDM server includes a mobile email management capability, all email (including email attachments) sent over the wireless link from the mobile email client to the MDM server mobile email management component located on the DoD network must be encrypted using AES. An AES 128-bit encryption key length is the minimum requirement; AES 256 is desired.


Overview

Finding ID: V-36218
Version: SRG-APP-194-MDM-201-MEM
Rule ID: SV-47622r1_rule
IA Controls: (none listed)
Severity: Medium
Description
If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public keys in a way that tricks the operating system into accepting invalid certificates. Encrypting the key store protects the integrity and confidentiality of keys. AES encryption with adequate key lengths provides assurance that the protection is strong.
STIG: Mobile Device Manager Security Requirements Guide
Date: 2013-01-24

Details

Check Text (C-44458r1_chk)
Determine whether the MDM server includes a mobile email management capability. If it does not, this requirement is not applicable. If it does, perform the following procedure.

Verify that the mobile email client supports sending all email (including email attachments) over the wireless link between the mobile email client and the MDM server located on the DoD network using AES. Verify that the AES encryption key length is at least 128 bits (AES 128-bit encryption key length is the minimum requirement; AES 256 is desired). Talk to the site system administrator and have them confirm that this capability exists in the MDM server. Also, review the MDM server configuration.

If the mobile email client does not send all email (including email attachments) over the wireless link between the mobile email client and the MDM server located on the DoD network using AES 128 (or larger bit size), this is a finding.
Fix Text (F-40748r1_fix)
Configure the MDM server to support sending all email (including email attachments) over the wireless link between the mobile email client and the MEM server located on the DoD network using AES 128 (or larger bit size).