If the MDM server includes a mobile email management capability, the email client S/MIME cryptographic module must be FIPS 140-2 validated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36225	SRG-APP-196-MDM-206-MEM	SV-47629r1_rule		Medium

Description
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that the S/MIME cryptographic module must be FIPS 140-2 validated.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44465r1_chk )
Determine if the MDM server includes a mobile email management capability. If no, this requirement is not applicable. If yes, perform the following procedure: Verify the mobile email client S/MIME cryptographic module is FIPS 140-2 validated. Talk to the site system administrator and have them show you that this capability exists in the MDM server. Also Review the MDM server configuration. If the mobile email client S/MIME cryptographic module is not FIPS 140-2 validated, this is a finding.

Check Text ( C-44465r1_chk )

Determine if the MDM server includes a mobile email management capability. If no, this requirement is not applicable. If yes, perform the following procedure: Verify the mobile email client S/MIME cryptographic module is FIPS 140-2 validated. Talk to the site system administrator and have them show you that this capability exists in the MDM server. Also Review the MDM server configuration. If the mobile email client S/MIME cryptographic module is not FIPS 140-2 validated, this is a finding.

Fix Text (F-40755r1_fix)
Configure the MDM server so the email client on the mobile device utilizes a FIPS-140-2 validated cryptographic module.