UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must require a valid password be successfully entered before the mobile device data is unencrypted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33239 SRG-OS-000230-MOS-000119 SV-43657r1_rule Medium
Description
Encryption is only effective if the decryption procedure is protected. If an adversary can easily access the private key (either directly or through a software application), sensitive DoD data is likely to be disclosed. Password protection is one method to reduce the likelihood of such an occurrence.
STIG Date
Mobile Operating System Security Requirements Guide 2012-10-01

Details

Check Text ( C-41535r1_chk )
Verify the mobile operating system configuration is set to prompt for a password prior to unencrypting data on the mobile device. In many cases, the transaction may involve the entry of a CAC PIN, which still satisfies the requirement. If data is accessible without entering a password at any point when using the device, this is a finding.
Fix Text (F-37169r1_fix)
Configure the operating system to require a valid password be successfully entered before the mobile device data is unencrypted.