Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33167 | SRG-OS-000177-MOS-000099 | SV-43565r1_rule | | Medium |
Description |
---|
Mobile operating system applications that are able to perform unintended functions may be able to obtain sensitive information or otherwise compromise system security. The permissions that an application requires to perform its function may be delineated in a permissions manifest or in entitlements that are either bound to the application or embedded in its code. Enforcing these permissions limitations is necessary to ensure the application is not permitted to perform unintended functions. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2012-10-01 |
Check Text (C-41427r1_chk) |
---|
Review IA information resources to determine if the operating system enforces privileges as advertised. Use an integrity tool to determine if an application is permitted to perform restricted functions. If it is determined that the authorized permissions are not enforced, this is a finding. |
Fix Text (F-37066r1_fix) |
---|
Configure the mobile operating system to only grant an application those permissions that DoD has authorized for that application. |