Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32807 | WIR-WMS-MEM-26 | SV-43153r1_rule | ECAN-1 | Low |
Description |
---|
Sensitive contact information could be exposed to unauthorized people. |
STIG | Date |
---|---|
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Check Text ( C-41140r3_chk ) |
---|
Verify the MEM server supports the capability to limit the fields in the email client contacts list can be exported to the mobile device contacts list, if this capability is supported. This feature is usually implemented via a security policy pushed from the MEM server to the email client. Transferred email contact information should be limited to contact name and telephone numbers. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
Fix Text (F-36688r2_fix) |
---|
Use a MEM product that supports the capability to limit what fields in the email client contacts list can be exported to the mobile device contacts list. |