UCF STIG Viewer Logo

If the MDM server includes a mobile email management capability, the email client must cache the certificate status of signed emails that have been received on the handheld device for a period not extending beyond the expiration period of the revocation data.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36227 SRG-APP-196-MDM-209-MEM SV-47631r1_rule Low
Description
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement is to cache the certificate status of signed emails on the mobile device.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44467r1_chk )
Determine if the MDM server includes a mobile email management capability. If no, this requirement is not applicable. If yes, perform the following procedure: Determine if the mobile email client caches the certificate status of an email recipient's PKI certificate. If yes, verify the certificate status is purged from cache within 7 days after being saved. Seven days is considered the default value for the expiration period. Talk to the site system administrator and have them confirm this capability exists in the MDM server. Also, review the MDM server configuration. If the mobile email client saves the certificate status of an email recipient's PKI certificate and does not purge the certificate status within 7 days after being saved, this is a finding.
Fix Text (F-40757r1_fix)
If the MDM server saves the certificate status of an email recipient's PKI certificate, configure the MDM server to purge the certificate status within a period not extending beyond the expiration period of the revocation data.