UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MDM server must prevent modification of key material except during secure, non-operable system states.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36238 SRG-APP-037-MDM-220-SRV SV-47642r1_rule High
Description
Secure, non-operable system states are states in which the information system is not performing mission/business-related processing (e.g., the system is off-line for maintenance, troubleshooting, boot-up, shutdown). If an adversary is able to modify key material, then the adversary may be able to compromise sensitive DoD information. The adversary may also be able to bypass authentication controls on downloaded applications, websites, and network access points depending on the keys modified. This attack could enable the adversary to install unauthorized applications and stage subsequent attacks on other systems. Preventing modification of key material mitigates the risk of this attack. Key material general refers to cryptographic keys and algorithms. There are operations were key material must be modified for proper operation of the cryptographic system.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44478r1_chk )
Review product configuration to determine whether there are appropriate controls to protect key material. If available, use scanning tools to determine whether keys can be modified by non-privileged users and processes. If such key material can be modified, this is a finding.
Fix Text (F-40768r1_fix)
Configure the MDM server to prevent modification of key material except during secure, non-operable system states.