UCF STIG Viewer Logo

The MEM client must enable a system administrator to select which data fields in the contacts data base will be available to applications outside of the contact database.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32807 WIR-WMS-MEM-26 SV-43153r1_rule ECAN-1 Low
Description
Sensitive contact information could be exposed to unauthorized people.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41140r3_chk )
Verify the MEM server supports the capability to limit the fields in the email client contacts list can be exported to the mobile device contacts list, if this capability is supported. This feature is usually implemented via a security policy pushed from the MEM server to the email client. Transferred email contact information should be limited to contact name and telephone numbers.

Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36688r2_fix)
Use a MEM product that supports the capability to limit what fields in the email client contacts list can be exported to the mobile device contacts list.