Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
If the MDM server includes a mobile email management capability, the email client S/MIME cryptographic module must be FIPS 140-2 validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36225 | SRG-APP-196-MDM-206-MEM | SV-47629r1_rule | Medium |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that the S/MIME cryptographic module must be FIPS 140-2 validated. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44465r1_chk ) |
|---|
| Determine if the MDM server includes a mobile email management capability. If no, this requirement is not applicable. If yes, perform the following procedure: Verify the mobile email client S/MIME cryptographic module is FIPS 140-2 validated. Talk to the site system administrator and have them show you that this capability exists in the MDM server. Also Review the MDM server configuration. If the mobile email client S/MIME cryptographic module is not FIPS 140-2 validated, this is a finding. |
| Fix Text (F-40755r1_fix) |
|---|
| Configure the MDM server so the email client on the mobile device utilizes a FIPS-140-2 validated cryptographic module. |