
The MEM client must not cache the certificate status of signed emails that have been received on the handheld device beyond the expiration period of the revocation data.


Overview

Finding ID: V-32796
Version: WIR-WMS-MEM-15
Rule ID: SV-43142r1_rule
IA Controls: IAKM-1
Severity: Low
Description
If the revocation status of the certificate is not cached, the email client would need to retrieve the status every time a user opens a signed email. This would hurt the usability of the mobile email feature and could lead the user to begin ignoring the status of signing certificates in received email.
STIG: Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG)
Date: 2013-05-08

Details

Check Text (C-41129r5_chk)
There is no requirement that the certificate status of an email recipient's PKI certificate be cached on the mobile device. If it is cached, the status must be deleted within 7 days after being saved in the cache.

Determine if the MEM client caches the certificate status of an email recipient's PKI certificate. If yes, verify the certificate status is purged from cache within 7 days after being saved. Talk to the site system administrator and have them show that this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have the required features. Mark as NA if the MEM client does not cache the certificate status.
Fix Text (F-36677r2_fix)
Use a MEM product that supports certificate status caching of no more than 7 days, if certificate status caching is supported.
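
The retention rule from the check text, written out as an added example (not code from the STIG or from any MEM product): a cached status is deleted at whichever comes first, the expiry of the revocation data or 7 days after it was saved. The class name, the `next_update` parameter (standing for the expiry time of the CRL or OCSP response) and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_CACHE_AGE = timedelta(days=7)  # ceiling stated in the check text


class CertStatusCache:
    """Hypothetical client-side cache of certificate revocation status."""

    def __init__(self):
        self._entries = {}  # cert_id -> (status, expires_at)

    def put(self, cert_id, status, next_update, now):
        # Expire at the earlier of: the revocation data's own expiry
        # (next_update, an assumed field) or 7 days after being saved.
        expires_at = min(next_update, now + MAX_CACHE_AGE)
        if expires_at > now:  # revocation data that is already stale is not cached
            self._entries[cert_id] = (status, expires_at)

    def get(self, cert_id, now):
        """Return the cached status, or None when a fresh lookup is required."""
        entry = self._entries.get(cert_id)
        if entry is None:
            return None
        status, expires_at = entry
        if now >= expires_at:
            del self._entries[cert_id]  # delete the entry, do not merely skip it
            return None
        return status

    def purge(self, now):
        """Delete every expired entry and return how many were removed."""
        expired = [k for k, (_, exp) in self._entries.items() if now >= exp]
        for k in expired:
            del self._entries[k]
        return len(expired)


def demo():
    t0 = datetime(2013, 5, 8, tzinfo=timezone.utc)  # constructed timestamps
    cache = CertStatusCache()
    cache.put("signer-A", "good", t0 + timedelta(days=2), t0)   # data expires in 2 days
    cache.put("signer-B", "good", t0 + timedelta(days=30), t0)  # capped at 7 days
    day3, day7 = t0 + timedelta(days=3), t0 + timedelta(days=7)
    return (cache.get("signer-A", day3),
            cache.get("signer-B", day3),
            cache.get("signer-B", day7))
```

A `None` result means the client has to retrieve the status again before showing the signature state to the user.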