The MEM client must support retrieving encryption certificates not stored in the local trust anchor store for S/MIME purposes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32802 | WIR-WMS-MEM-21 | SV-43148r1_rule | IAKM-1 | Low |
| Description |
|---|
| S/MIME operations cannot be performed if the device user cannot access public encryption certificates for email recipients; therefore, if encryption certificates are not stored in the contacts list or other local certificate store, S/MIME must be able to retrieve the certificates from the GAL, GDS, or other non-local DoD sources. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41135r2_chk ) |
|---|
| Verify the MEM client that supports retrieving encryption certificates not stored in the local trust anchor store for S/MIME purposes. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36683r1_fix) |
|---|
| Use a MEM product that supports retrieving encryption certificates not stored in the local trust anchor store for S/MIME purposes. |