| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36365 | SRG-APP-193-MDM-296-SRV | SV-47769r1_rule | | Medium |
| Description |
|---|
| There are two primary methods for generating the encryption key used to encrypt data between the management server and the server agent installed on the mobile device. The first method is to use a shared secret; the second is to generate the master encryption key based on PKI key generation. When a shared secret is used and the master encryption key is not rotated periodically, a compromise of that key compromises all future data sent between the mobile management server and the agent located on the mobile device. Limiting the compromise to an organizationally defined period is a security best practice. This period is typically 30 days or less. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
| Check Text (C-44607r1_chk) |
|---|
| Review the MDM server configuration to determine whether the MDM server is configured to rotate its master AES encryption key. If the master AES encryption key is not configured to rotate, this is a finding. |
| Fix Text (F-40897r1_fix) |
|---|
| Configure the MDM server to rotate its master AES encryption key. |