The MEM client must give the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is invalid.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32780 | WIR-WMS-MEM-05 | SV-43126r1_rule | IAKM-1 IAKM-2 | Low |
| Description |
|---|
| When the public-key certificate is invalid certificate, the certificate cannot be trusted and the recipient must have the capability to accept or deny the certificate and act on the email content based on sensitivity of the email content and mission needs. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41113r3_chk ) |
|---|
| Verify the MEM client gives the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is invalid. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36661r2_fix) |
|---|
| Use a MEM product that gives the user the option to deny acceptance of a certificate if the mobile email client determines that the certificate is invalid. |