The MEM client must provide the capability to save public certificates of contacts in an acceptable method.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32795	WIR-WMS-MEM-14	SV-43141r1_rule	IAKM-1	Low

Description
This capability is required to support S/MIME encryption of email. Without S/MIME, end-to-end data encryption is not possible and sensitive DoD data could be compromised.

STIG	Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG)	2013-05-08

Details

Check Text ( C-41128r5_chk )
Verify the MEM client saves public certificates of contacts in the contact object by one of the following methods: 1. By saving public PKI certificates that were attached to a received email message to the contacts object. 2. By downloading the certificates via an external partner PKI lookup from the mobile device. 3. By sending a signed email to a contact that just sent a signed email. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features.

Check Text ( C-41128r5_chk )

Verify the MEM client saves public certificates of contacts in the contact object by one of the following methods:
1. By saving public PKI certificates that were attached to a received email message to the contacts object.
2. By downloading the certificates via an external partner PKI lookup from the mobile device.
3. By sending a signed email to a contact that just sent a signed email.

Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.

Fix Text (F-36676r3_fix)
Use a MEM product that saves public certificates of contacts in the contact object by one of the acceptable methods.