The MEM client must set the Smart Card or Certificate Store Password caching timeout period from at least 15 to 120 minutes, if Smart Card or Certificate Store Password caching is available.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32797	WIR-WMS-MEM-22	SV-43143r1_rule	ECCR-1	Medium

Description
The certificate/key store contents must not remain unencrypted indefinitely; otherwise, the encryption keys and PKI certificates stored in the store could be compromised. The store must re-encrypt contents of the store on or before the required timeout period.

STIG	Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG)	2012-07-20

Details

Check Text ( C-41130r3_chk )
Verify the MEM client sets the Smart Card or Certificate Store Password caching timeout period from at least 15 to 120 minutes, if Smart Card or Certificate Store Password caching is available. Talk to the site system administrator and have them show this capability exists in the MEM server and is set as required. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. Mark as NA if the MEM client does not cache the certificate store password.

Check Text ( C-41130r3_chk )

Verify the MEM client sets the Smart Card or Certificate Store Password caching timeout period from at least 15 to 120 minutes, if Smart Card or Certificate Store Password caching is available. Talk to the site system administrator and have them show this capability exists in the MEM server and is set as required. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features. Mark as NA if the MEM client does not cache the certificate store password.

Fix Text (F-36678r2_fix)
Use a MEM product to set the Smart Card or Certificate Store Password caching timeout period from at least 15 to 120 minutes, if Smart Card or Certificate Store Password caching is available.