UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must grant a downloaded application only the permissions that DoD has authorized for that application.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33167 SRG-OS-000177-MOS-000099 SV-43565r1_rule Medium
Description
Mobile operating system applications that are able to perform unintended functions may be able to obtain sensitive information or otherwise compromise system security. The permissions that an application requires to perform its function may be delineated in a permissions manifest or in entitlements that are either bound to the application or embedded in its code. Enforcing these permissions limitations is necessary to ensure the application is not permitted to perform unintended functions.
STIG Date
Mobile Operating System Security Requirements Guide 2012-10-01

Details

Check Text ( C-41427r1_chk )
Review IA information resources to determine if the operating system enforces privileges as advertised. Use an integrity tool to determine if an application is permitted to perform restricted functions. If it is determined that the authorized permissions are not enforced, this is a finding.
Fix Text (F-37066r1_fix)
Configure the mobile operating system to only grant an application those permissions that DoD has authorized for that application.