If the MDM server includes a mobile email management capability, the email client S/MIME must be fully interoperable with DoD PKI and CAC/PIV. CAC/PIV (hard token) and PKCS#12 (soft token) certificate stores must be supported.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36223 | SRG-APP-196-MDM-204-MEM | SV-47627r1_rule | Low |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the CAC is the required mechanism for that protection. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44463r1_chk ) |
|---|
| Determine if the MDM server includes a mobile email management capability. If no, this requirement is not applicable. If yes, perform the following procedure: Verify the mobile email client S/MIME feature is fully interoperable with DoD PKI and CAC/PIV. CAC/PIV (hard token) and PKCS#12 (soft token) certificate stores must be supported. Talk to the site system administrator and have them confirm this capability exists in the MDM server. Also, review the MDM server configuration. If the mobile email client S/MIME feature is not fully interoperable with DoD PKI and CAC/PIV and CAC/PIV (hard token) and PKCS#12 (soft token) certificate stores are not supported, this is a finding. |
| Fix Text (F-40753r1_fix) |
|---|
| Configure the MDM server so the email client on the mobile device is configured to utilize DoD PKI and CAC/PIV. |