UCF STIG Viewer Logo

The MEM client must provide the mobile device user the capability to decrypt incoming email messages using software or hardware based digital certificates.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32799 WIR-WMS-MEM-18 SV-43145r1_rule IAKM-1 Medium
Description
The email client must support signing operations (verifying digital signatures) and decrypting email using both software and hardware PKI certificates so that the DoD can use either certificate form factor based on current policy, security threat, and mission needs.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41132r2_chk )
Verify the MEM client provides the mobile device user the capability to decrypt incoming email messages using software or hardware based digital certificates. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36680r2_fix)
Use a MEM product that provides mobile device users the capability to decrypt incoming email messages using software or hardware based digital certificates.