Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MEM client must provide the capability to save public certificates of contacts in an acceptable method.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32795 | WIR-WMS-MEM-14 | SV-43141r1_rule | IAKM-1 | Low |
| Description |
|---|
| This capability is required to support S/MIME encryption of email. Without S/MIME, end-to-end data encryption is not possible and sensitive DoD data could be compromised. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41128r5_chk ) |
|---|
| Verify the MEM client saves public certificates of contacts in the contact object by one of the following methods: 1. By saving public PKI certificates that were attached to a received email message to the contacts object. 2. By downloading the certificates via an external partner PKI lookup from the mobile device. 3. By sending a signed email to a contact that just sent a signed email. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36676r3_fix) |
|---|
| Use a MEM product that saves public certificates of contacts in the contact object by one of the acceptable methods. |