The MEM client must either block or convert all active content in email (HTML, RTF, etc.) to text before the email is forwarded to the mobile device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32804 | WIR-WMS-MEM-23 | SV-43150r1_rule | DCMC-1 | Low |
| Description |
|---|
| HTML email and inline images in email can contain malware or links to websites with malware. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41137r4_chk ) |
|---|
| Verify the MEM server either blocks or converts all active content in email (HTML, RTF, etc.) to text before the email is forwarded to the mobile device. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36685r1_fix) |
|---|
| Use a MEM product that either blocks or converts all active content in email (HTML, RTF, etc.) to text before the email is forwarded to the mobile device. |