| V-33159 | High | The mobile operating system must employ NSA approved cryptography to protect classified information. | Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to... |
| V-32951 | High | The mobile operating system must not automatically execute applications without user direction. | Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code... |
| V-32959 | High | The mobile operating system must transfer audit logs to remote log or management servers. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes timestamps, source... |
| V-33058 | High | The mobile operating system must not permit mobile service carriers to have privileged access to the operating system or perform any function not directed by the user. | Permitting mobile service carriers access to the mobile operating system leaves the device vulnerable to breach from rogue elements within the carrier infrastructure. Mobile service carriers are... |
| V-33052 | High | The mobile operating system must prevent the installation of applications that are not digitally signed with a DoD approved private key. | Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system.... |
| V-33183 | High | The mobile operating system must support automated patch management tools to facilitate flaw remediation of all software components on the device. | The organization (including any contractor to the organization) must promptly install security relevant software updates (e.g., patches, service packs, hot fixes). Flaws discovered during security... |
| V-33188 | High | The mobile operating system must prevent non-privileged users from circumventing intrusion detection and prevention capabilities. | Intrusion detection and prevention capabilities must be architected and implemented to prevent non-privileged users from circumventing such protections. Ensuring that any security feature is... |
| V-33067 | High | The mobile operating system must prevent a user from installing unapproved applications. | The operating system must enforce software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what... |
| V-33113 | High | The mobile operating system must prevent the user of the device from directly administering UIDs, file permissions, and system configuration files, and from starting and stopping system processes. | If the user of the device can perform management functions, the user could modify the device configuration to degrade the IA posture of the device. Preventing such activity mitigates the risk of... |
| V-33192 | High | The operating system must provide notification to an external device and halt the boot cycle if the OS detects tampering or fails operating system security tests. | Automated security tests performed by the mobile operating system are critical in the detection of IA attacks. Such checks include verification of the integrity of operating system files, device... |
| V-33195 | High | The mobile operating system verifies the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and at least every six hours thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline. | One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
| V-33292 | High | The mobile operating system must not permit a user to disable or modify the security policy or enforcement mechanisms on the device. | The integrity of the security policy and enforcement mechanisms is critical to the IA posture of the operating system. If a user can modify a device's security policy or enforcement mechanisms,... |
| V-33095 | High | The mobile operating system and mobile device management services must mutually authenticate each other using bi-directional PKI-based cryptographic authentication methods. | Without strong mutual (bi-directional) authentication a mobile device may connect to an unauthorized mobile device management (MDM) server and obtain improper security policies or configuration... |
| V-33013 | High | The mobile operating system must provide mutual authentication between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session. | Provisioning data includes operating system configuration, key material, and other initialization data. It may be sensitive and therefore must be adequately protected. An adversary within the... |
| V-33182 | High | The mobile operating system must detect and report the version of the operating system, device drivers, and application software when queried by an authorized entity. | Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report... |
| V-33169 | High | Only DoD PKI issued or DoD approved software authentication certificates may be installed on DoD mobile operating system devices. | If unauthorized software authentication certificates are installed on the device, then the operating system would not block malware signed by the entity that published these certificates. Such... |
| V-33281 | High | The mobile operating system must employ malicious code protection mechanisms to detect and eradicate malicious code from installing and executing. | In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes... |
| V-33271 | High | The mobile operating system must disable the mobile device upon the Mobile Device Management agents instruction, permitting someone in possession of the device to make emergency 911 calls only. | Under some conditions, a compromised device represents a threat to other computing resources on the network. For example, a compromised device may attempt to conduct a denial of service attack on... |
| V-33001 | High | The mobile operating system must not transmit passwords in clear text. | Transmission of passwords in clear text reveals the password to any adversary who can successfully eavesdrop on the communication. In the case of wireless communication, the ability to eavesdrop... |
| V-33265 | High | The operating system must initiate security auditing at system start-up. | The audit capability is most effective if it is running at all times. Otherwise there may be time gaps in the audit logs in which an adversary can hide malicious behavior. Initiating security... |
| V-33149 | High | The mobile operating system PKI certificate store must encrypt contents using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired). | If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public keys in a way that it can trick the... |
| V-33088 | Medium | The operating system must use organization defined replay-resistant authentication mechanisms for network access to non-privileged accounts. | An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
Rationale for... |
| V-33099 | Medium | The operating system must dynamically manage identifiers, attributes, and associated access authorizations. | Dynamic management of identities and association of attributes and privileges with these identities are anticipated and provisioned. Pre-established trust relationships and mechanisms with... |
| V-33098 | Medium | The operating system must manage information system identifiers for users and devices by disabling the user identifier after an organization defined time period of inactivity. | Inactive user accounts pose a risk to systems and applications. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
Rationale for... |
| V-33009 | Medium | The operating system must enforce security policies regarding information on interconnected systems. | The operating system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.
Rationale... |
| V-33156 | Medium | The mobile operating system PKI certificate store must be FIPS 140-2 validated. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been... |
| V-33157 | Medium | The cryptographic module supporting Bluetooth data communications must be FIPS 140-2 validated. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented... |
| V-33154 | Medium | The cryptographic module supporting encryption of data at rest must be FIPS 140-2 validated. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented... |
| V-33155 | Medium | The cryptographic module supporting the VPN client security functions must be FIPS 140-2 validated. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented... |
| V-33152 | Medium | The operating system must implement required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data.
Rationale for non-applicability: This vulnerability is better addressed by CCI-001145,... |
| V-33153 | Medium | The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been... |
| V-33150 | Medium | The mobile operating system must support both software-based and hardware-based asymmetric key technology (e.g., CAC/PIV). | Software-based certificates are required to authenticate many web sites. Hardware-based tokens are embedded in the DoD Common Access Card (CAC). Without both software and hardware-based asymmetric... |
| V-33151 | Medium | The operating system must produce, control, and distribute asymmetric cryptographic keys using approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the users private key. | Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures.
Rationale for non-applicability: This control... |
| V-33255 | Medium | The operating system must only allow authorized entities to change security attributes. | Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects, objects) with respect to safeguarding information. These attributes are... |
| V-33254 | Medium | The operating system must dynamically reconfigure security attributes in accordance with an identified security policy as information is created and combined. | Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects, objects) with respect to safeguarding information. These attributes are... |
| V-33257 | Medium | The operating system must only allow authorized users to associate security attributes with information. | The term security label is often used to associate a set of security attributes with a specific information object as part of the data structure for that object (e.g., user access privileges,... |
| V-33256 | Medium | The operating system maintains the binding of security attributes to information with sufficient assurance that the information attribute association can be used as the basis for automated policy actions. | The term security label is often used to associate a set of security attributes with a specific information object as part of the data structure for that object (e.g., user access privileges,... |
| V-33251 | Medium | The operating system must automatically audit account disabling actions. | Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify... |
| V-33240 | Medium | The mobile operating system must re-encrypt all device data when the device is locked. | Data at rest refers to all stored data on a mobile device that will include the address book and other PII, data created by a user when using some applications, as well as data received, such as... |
| V-33158 | Medium | The cryptographic module supporting Wi-Fi security functions must be FIPS 140-2 validated. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented... |
| V-33144 | Medium | The operating system must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. | Confidentiality of the data must be maintained to ensure unauthorized users or processes do not have access to it. This can be accomplished via access control mechanisms or encryption.
Rationale... |
| V-33241 | Medium | The mobile operating system must prohibit wireless remote access connections except for personal hotspot service. | The device acts as a personal hotspot when it accepts remote connections on a local area network interface for the purposes of routing traffic to a wide area network interface. The most common... |
| V-32908 | Medium | The operating system must automatically disable inactive accounts after an organization defined time period. | Users are often the first line of defense within an application. Active users take notice of system and data conditions and are usually the first to notify systems administrators when they notice... |
| V-33060 | Medium | The mobile operating system must verify the integrity of application software before each instance of its execution. | A common method to compromise system security is to modify application software to perform malicious functions that will execute when the user runs the application. Verifying the integrity of the... |
| V-32987 | Medium | The mobile operating system must alert the user when it receives a public-key certificate issued from an untrusted certificate authority. | If the user is aware that a certificate has been issued from an untrusted certificate authority, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious... |
| V-32956 | Medium | The operating system must produce audit records containing sufficient information to establish the sources of the events. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes timestamps, source... |
| V-32950 | Medium | The operating system must monitor for unauthorized connections of mobile devices to organizational information systems. | Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g.,... |
| V-32952 | Medium | The operating system must employ automated mechanisms to enable authorized users to make information sharing decisions based on access authorizations of sharing partners and access restrictions on information to be shared. | Depending on the information sharing circumstance, the sharing partner may be defined at the individual, group, or organization level and information may be defined by specific content, type, or... |
| V-33090 | Medium | The mobile operating systems Bluetooth module must not permit any data transfer between devices prior to Bluetooth mutual authentication. | Bluetooth mutual authentication provides assurance that both the mobile device and Bluetooth peripheral are legitimate. If the authentication does not occur immediately before permitting a network... |
| V-32933 | Medium | The operating system, when the maximum number of unsuccessful attempts is exceeded, must automatically lock the account for an organization defined time period or must lock the account until released by an administrator IAW organizational policy. | Anytime an authentication method is exposed to allow for the utilization of an operating system, there is a risk that attempts will be made to obtain unauthorized access.
Rationale for... |
| V-32932 | Medium | The operating system must enforce the organization defined limit of consecutive invalid access attempts by a user during the organization defined time period. | Anytime an authentication method is exposed, allowing for the utilization of an operating system, there is a risk that attempts will be made to obtain unauthorized access.
Rationale for... |
| V-32930 | Medium | The mobile operating system must audit any use of privileged accounts, or roles, with access to organization defined security functions or security relevant information, when accessing other system functions. | This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of role is intended to address those situations where an access control... |
| V-33061 | Medium | The mobile operating system must detect the addition of unauthorized hardware components and peripherals at start up and when they are attached. | Unauthorized hardware components and peripherals include memory cards, SIM cards, and USB attachments. If the user or an adversary is able to add or attach unauthorized components to a device,... |
| V-33123 | Medium | The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service attacks. | In the case of Denial of Service attacks, care must be taken when designing the operating system so as to ensure the operating system makes the best use of system resources.
Rationale for... |
| V-33122 | Medium | The operating system must restrict the ability of users to launch Denial of Service attacks against other information systems or networks. | When it comes to Denial of Service (DoS) attacks, most of the attention is paid to ensuring the systems and applications are not victims of these attacks.
Rationale for non-applicability:... |
| V-33121 | Medium | The operating system must protect against or must limit the effects of the organization defined or referenced types of Denial of Service attacks. | A variety of technologies exist to limit, or in some cases, eliminate the effects of Denial of Service (DoS) attacks. When it comes to DoS attacks, most attention is paid to ensuring the systems... |
| V-33249 | Medium | The operating system must support and maintain the binding of organization defined security attributes to information in transmission. | Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects, objects) with respect to safeguarding information. These attributes are... |
| V-33127 | Medium | The operating system must route organization defined internal communications traffic to organization defined external networks through authenticated proxy servers within the managed interfaces of boundary protection devices. | A proxy server is designed to hide the identity of the client when making a connection to a server outside of its network. This prevents any hackers on the outside of learning IP addresses within... |
| V-33126 | Medium | The operating system must connect to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. | The operating system must ensure traffic flows through only managed interfaces. For operating systems on the perimeter of the network (e.g., laptops connecting remotely) this helps protect the... |
| V-33125 | Medium | The operating system must monitor and control communications at the external boundary of the information system and at key internal boundaries within the system. | The operating system must monitor and control communications at the boundary of the operating system.
Rationale for non-applicability: This vulnerability is better addressed by CCI-001118, which... |
| V-33124 | Medium | The operating system must limit the use of resources by priority. | Priority protection helps prevent a lower-priority process from delaying or interfering with the operating system servicing any higher-priority process. Operating systems must limit potential high... |
| V-33242 | Medium | The mobile operating system must authenticate tethered connections to the device. | Authentication may occur either by reentry of the device unlock passcode at the time of connection, through another passcode with the same or stronger complexity, or through PKI certificates.... |
| V-32982 | Medium | The operating system must support the capability to compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within organization defined level of tolerance. | Audit generation and audit records can be generated from various components within the information system. The list of audited events is the set of events for which audits are to be generated.... |
| V-33129 | Medium | The operating system must check incoming communications to ensure the communications are coming from an authorized source and routed to an authorized destination. | In the case of the operating system, the boundary may be the workstation on the public internet.
Rationale for non-applicability: Resource constraints on mobile devices preclude implementation of... |
| V-33128 | Medium | The operating system, at managed interfaces, must deny network traffic and must audit internal users (or malicious code) posing a threat to external information systems. | Detecting internal actions that may pose a security threat to external information systems is sometimes termed extrusion detection. Extrusion detection at the information system boundary includes... |
| V-33246 | Medium | The operating system must notify the user of organization defined security-related changes to the users account that occur during the organization defined time period. | Some organizations may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of... |
| V-33247 | Medium | The mobile operating system must maintain the binding of digital signatures on software components and applications in storage. | Digital signatures enable the system to verify the integrity of the signed object and authenticate the object's signatory. Failure to maintain the binding of digital signatures on software... |
| V-33244 | Medium | The operating system must notify the user of the number of successful logins/accesses that occur during the organization defined time period. | Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of successful attempts made to login to their account allows the user... |
| V-33245 | Medium | The operating system must notify the user of the number of unsuccessful login/access attempts that occur during organization defined time period. | Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts made to login to their account allows the... |
| V-33059 | Medium | The operating system must configure the information system to specifically prohibit or restrict the use of organization defined functions, ports, protocols, and/or services. | Operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
| V-32980 | Medium | The mobile operating system must allow organizational personnel through mobile device management services to select which auditable events are to be audited by the mobile operating system. | The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of... |
| V-33053 | Medium | The operating system must enforce a two-person rule for changes to organization defined information system components and system-level information. | Regarding access restrictions for changes made to organization defined information system components and system level information. Any changes to the hardware, software, and/or firmware components... |
| V-33051 | Medium | The operating system must employ automated mechanisms to support auditing of the enforcement actions. | Some operating system features, including security enforcement, may only be modified when the operating system is not running. Logging startup events provides valuable information on system... |
| V-33050 | Medium | The operating system must employ automated mechanisms to enforce access restrictions. | When dealing with access restrictions pertaining to change control, it should be noted that, any changes to the hardware, software, and/or firmware components of the information system and/or... |
| V-33057 | Medium | The mobile operating system must not permit a user to remove organizationally required applications. | Organizationally required applications are present on the device because they support the organization's mission. Therefore, their absence degrades mission performance. Preventing the removal of... |
| V-33056 | Medium | The operating system must employ automated mechanisms to respond to unauthorized changes to organization defined configuration settings. | Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Security-related parameters are those parameters... |
| V-33055 | Medium | The operating system must employ automated mechanisms to centrally verify configuration settings. | Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Security-related parameters are those parameters... |
| V-33054 | Medium | The operating system must employ automated mechanisms to centrally apply configuration settings. | Configuration settings are the configurable security-related parameters of operating system.
Rationale for non-applicability: This vulnerability is better addressed by implementing CCI-000370,... |
| V-32943 | Medium | The mobile operating system must retain the device lock until the user reestablishes access using established identification and authentication procedures. | The device lock function prevents further access to the system by initiating a session lock after a period of inactivity or upon receiving a request from a user. The device lock is retained until... |
| V-32941 | Medium | The operating system must limit the number of concurrent sessions for each account to an organization defined number of sessions. | Limiting the number of allowed users and sessions per user can limit risks related to Denial of Service attacks. The organization may define the maximum number of concurrent sessions for an... |
| V-32946 | Medium | The mobile operating system device lock, when activated on a device, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen. | The device lock function prevents further access to the system by initiating a session lock after a period of inactivity or upon receiving a request from a user. The device lock is retained until... |
| V-32944 | Medium | The mobile operating system must lock the device following a minimum, organizationally-defined period of inactivity. | The device lock function prevents further access to the system by initiating a session lock after a period of inactivity or upon receiving a request from a user. The device lock is retained until... |
| V-32945 | Medium | The mobile operating system must permit the user to directly initiate device lock. | The device lock function prevents further access to the system by initiating a session lock after a period of inactivity or upon receiving a request from a user. The device lock is retained until... |
| V-33259 | Medium | The operating system must disable the use of organization defined networking protocols within the operating system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. | Some networking protocols may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol... |
| V-32948 | Medium | The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Remote network access is accomplished by leveraging common communication protocols to establish a remote connection.
Rationale for non-applicability: When the mobile OS is performing remote... |
| V-32949 | Medium | The mobile operating system must use cryptography to protect the confidentiality of remote access sessions. | Remote network access is accomplished by leveraging common communication protocols to establish a remote connection. These connections typically will occur over the public Internet.
Rationale for... |
| V-32998 | Medium | The mobile operating system must disallow the device unlock password from containing an organizationally-defined minimum number of numeric characters. | Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Setting minimum numbers of certain types of characters increases... |
| V-33258 | Medium | The operating system must display security attributes in human-readable form on each object output from the system to system output devices to identify an organization identified set of special dissemination, handling, or distribution instructions using organization identified human-readable, standard naming conventions. | Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects, objects) with respect to safeguarding information. These attributes are... |
| V-32924 | Medium | The operating system must support organization defined one-way flows using hardware mechanisms. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32925 | Medium | The operating system must enforce information flow control using organization defined security policy filters as a basis for flow control decisions. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32926 | Medium | The operating system must provide the capability for a privileged administrator to enable/disable organization defined security policy filters. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32927 | Medium | The operating system must provide the capability for a privileged administrator to configure the organization defined security policy filters to support different security policies. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32920 | Medium | The operating system must enforce dynamic information flow control based on policy that must allow or disallow information flows based upon changing conditions or operational considerations. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32921 | Medium | The operating system must prevent encrypted data from bypassing content checking mechanisms. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32922 | Medium | The operating system must enforce organization defined limitations on the embedding of data types within other data types. | The operating system must enforce organization defined limitations on the embedding of data types within other data types.
Rationale for non-applicability: This control maps to NIST SP 800-53... |
| V-32923 | Medium | The operating system must enforce information flow control on metadata. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-32929 | Medium | The operating system must implement separation of duties through assigned information system access authorizations. | Separation of duties is a prevalent Information Technology control implemented at different layers of the information system, including the operating system and in applications. It serves to... |
| V-33131 | Medium | The operating system must route all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing. | Managed interfaces employing boundary protection must be used for operating systems when using privileged accesses.
Rationale for non-applicability: Mobile devices do not have dedicated... |
| V-33132 | Medium | The operating system must prevent discovery of specific system components (or devices) composing a managed interface. | Allowing discovery of operating system resources, names, or components can lead to giving information to an attacker that may be used as an attack vector.
Rationale for non-applicability:... |
| V-33133 | Medium | The operating system must employ automated mechanisms to enforce strict adherence to protocol format. | Crafted packets not conforming to IEEE standards can be used by malicious people to exploit a host's protocol stack to create a Denial of Service or force a device reset.
Rationale for... |
| V-33134 | Medium | The operating system must fail securely in the event of an operational failure of a boundary protection device. | Fail secure is a condition achieved by the operating system employing a set of information system mechanisms to ensure, in the event of an operational failure of a boundary protection device at a... |
| V-33135 | Medium | The operating system must protect the integrity of transmitted information. | Ensuring the integrity of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across... |
| V-33136 | Medium | The operating system must use multifactor authentication for network access to privileged accounts. | Multifactor authentication is defined as using two or more factors to achieve authentication.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed... |
| V-33137 | Medium | The operating system must employ cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures. | Ensuring the integrity of transmitted information requires operating systems take measures to employ some form of cryptographic mechanism in order to recognize changes to information. This is... |
| V-33138 | Medium | The operating system must maintain the integrity of information during aggregation, packaging, and transformation in preparation for transmission. | Ensuring the confidentiality of transmitted information requires the operating system take measures in preparing information for transmission. This can be accomplished via access control or... |
| V-33139 | Medium | The mobile operating systems VPN client must use either IPSec or SSL/TLS when connecting to DoD networks. | Use of non-standard communications protocols can affect both the availability and confidentiality of communications. IPSec and SSL/TLS are both well-known and tested protocols that provide strong... |
| V-32989 | Medium | The mobile operating system must give the user the option to deny acceptance of a certificate if the certificate was issued by an untrusted certificate authority. | When the operating system accepts the use of certificates issued from an untrusted certificate authority, there is the potential that the system presenting the certificate is malicious, and can... |
| V-33164 | Medium | The mobile operating system must prohibit remote activation of collaborative computing functions, including microphones, cameras, and networked white boards without user concurrence. | If an adversary can remotely activate collaborative computing functions, the adversary may be able to listen to the user's conversations, obtain visual data about the user's surroundings, or read... |
| V-33069 | Medium | The mobile operating system must only permit download of software from a DoD approved source (e.g., DoD operated mobile device application store or MDM server). | The mobile operating system must only permit download of software from a DoD approved source (e.g., DoD operated mobile device application store or MDM server). |
| V-33239 | Medium | The mobile operating system must require a valid password be successfully entered before the mobile device data is unencrypted. | Encryption is only effective if the decryption procedure is protected. If an adversary can easily access the private key (either directly or through a software application), sensitive DoD data is... |
| V-33238 | Medium | The mobile operating system must encrypt all data on the mobile device using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired). | If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly,... |
| V-33237 | Medium | The mobile operating system must employ mobile device management services to centrally manage security relevant configuration and policy settings. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
| V-33236 | Medium | The operating system for publicly accessible systems must display the system use information when appropriate, before granting further access. | Requirement applies to publicly accessible systems. System use notification messages can be implemented in the form of warning banners displayed when individuals log in to the information system.... |
| V-33235 | Medium | The mobile operating system maximum number of consecutive unsuccessful unlock attempts must be configurable within a range from 5 to 10. | The recommended setting for the maximum number of consecutive unsuccessful unlock attempts is 10. In some environments, a lower number may be needed to provide greater protection of sensitive... |
| V-33234 | Medium | The mobile operating system must wipe data on both embedded storage and removable media when performing a data wipe function. | Sensitive data may be resident on both embedded and removable memory. If the operating system only performs the wipe function on one type of memory, then this will leave the other vulnerable.... |
| V-33233 | Medium | The mobile operating system must wipe all storage media after an organization defined number of consecutive, unsuccessful attempts to unlock the mobile device. | Mobile devices present additional risks related to attempted unauthorized access. If they are lost, stolen, or misplaced, attempts can be made to unlock the device by guessing the password. Once... |
| V-33232 | Medium | The operating system must uniquely authenticate source domains for information transfer. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33250 | Medium | The operating system must automatically audit account modification. | Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify... |
| V-33253 | Medium | The operating system must enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33252 | Medium | The operating system must automatically audit account termination. | Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify... |
| V-32911 | Medium | The operating system must dynamically manage user privileges and associated access authorizations. | While user identities remain relatively constant over time, user privileges may change more frequently based on the ongoing mission/business requirements and operational needs of the organization.... |
| V-32910 | Medium | The operating system must support the requirement to automatically audit on account creation. | Auditing of account creation is a method and best practice for mitigating the risk of an attacker creating a persistent method of re-establishing access. A comprehensive account management process... |
| V-32913 | Medium | The mobile operating system must enforce a mandatory access control (MAC) policy that prohibits any application, user, or process from modifying software in the trusted computing base with the exception of protected processes dedicated to performing updates to particular trusted computing base components. | The trusted computing base includes the OS, device drivers, system and security configuration files, and key material. OS functions include audit and security policy enforcement mechanisms. In the... |
| V-32912 | Medium | The operating system must enforce dual authorization, based on organizational policies and procedures for organization defined privileged commands. | Dual authorization mechanisms require two distinct approving authorities to approve the use of the command prior to it being invoked. An organization may determine certain commands or... |
| V-32915 | Medium | The mobile operating system must enforce a mandatory access control (MAC) policy that prohibits any application from having both write and execute permissions to a file on the device. | System integrity is dependent on properly controlling what software is executable. When programs are permitted to create or modify files and then subsequently execute those same files, this... |
| V-32917 | Medium | The operating system must prevent access to organization defined security-relevant information except during secure, non-operable system states. | Security-relevant information is any information within the information system potentially impacting the operation of security functions in a manner that could result in failure to enforce the... |
| V-32916 | Medium | The mobile operating system must enforce a mandatory access control (MAC) policy that prohibits any application from accessing the data or code of another application unless such data or code has been expressly allowed by the policy to be a shared resource. | When an application has the ability to access the data and code of another application, it may use that access improperly to obtain sensitive DoD data or perform unauthorized functions, including... |
| V-32919 | Medium | The operating system must enforce information flow control using protected processing domains (e.g., domain type enforcement) as a basis for flow control decisions. | Protected processing domains can be used to separate different data types. The operating system must enforce information flow control to ensure information does not pass into domains that are not... |
| V-32918 | Medium | The operating system must enforce information flow control using explicit security attributes on information, source, and destination objects as a basis for flow control decisions. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33178 | Medium | The operating system must protect the integrity of information during the processes of data aggregation, packaging, and transformation in preparation for transmission. | Information can be subjected to unauthorized changes (e.g., malicious and/or unintentional modification) at information aggregation or protocol transformation points. It is therefore imperative... |
| V-33173 | Medium | The operating system must prevent the execution of prohibited mobile code. | Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale for... |
| V-33109 | Medium | The operating system must employ cryptographic mechanisms to protect the integrity and confidentiality of non-local maintenance and diagnostic communications. | Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal... |
| V-33070 | Medium | The operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users). | To assure accountability and prevent unauthorized access, organizational users shall be identified and authenticated.
Rationale for non-applicability: For the purposes of this SRG, a mobile... |
| V-33105 | Medium | The operating system must employ strong identification and authentication techniques in the establishment of non-local maintenance and diagnostic sessions. | Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal... |
| V-33104 | Medium | The operating system must employ automated mechanisms to restrict the use of maintenance tools to authorized personnel only. | The intent of this control is to address the security-related issues arising from the software brought into the operating system specifically for diagnostic and repair actions (e.g., a software... |
| V-33107 | Medium | The operating system must audit non-local maintenance and diagnostic sessions. | Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal... |
| V-33106 | Medium | The operating system must terminate all sessions and network connections when non-local maintenance is completed. | Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal... |
| V-33101 | Medium | The operating system must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users). | Non-organizational users include all operating system users other than organizational users which include employees or individuals the organization deems to have equivalent status of employees... |
| V-33100 | Medium | The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity, and... |
| V-33103 | Medium | The operating system must automatically terminate emergency accounts after an organization defined time period for each type of account. | When emergency accounts are created, there is a risk that the emergency account may remain in place and active after the need for the account no longer exists. To address this, in the event... |
| V-33102 | Medium | The operating system must implement a configurable capability to automatically disable the operating system if any of the organization defined lists of security violations are detected. | When responding to a security incident a capability must exist allowing authorized personnel to disable a particular system if the system exhibits a security violation and the organization... |
| V-33185 | Medium | The mobile operating system must prevent non-privileged users from circumventing malicious code protection capabilities. | A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it, which enables subsequent attacks. If malicious code protection is... |
| V-33184 | Medium | The operating system must have malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. | In order to minimize potential negative impact to the organization caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves... |
| V-33187 | Medium | The operating system must provide a near real-time alert when any of the organization defined list of compromise or potential compromise indicators occurs. | When an intrusion detection security event occurs it is imperative the operating system that has detected the event immediately notify the appropriate support personnel so they can respond... |
| V-33186 | Medium | The operating system must not allow users to introduce removable media into the information system. | Malicious code is known to propagate via removable media such as floppy disks, USB or flash drives, and removable hard drives.
Rationale for non-applicability: Mobile OS devices use removable... |
| V-33181 | Medium | The operating system must install software updates automatically. | Security faults with software applications and operating systems are discovered daily and vendors are constantly updating and patching their products to address newly discovered security... |
| V-33180 | Medium | The operating system must employ organization defined information system components with no writeable storage that are persistent across component restart or power on/off. | Organizations may require operating systems to be non-modifiable or to be stored and executed on non-writeable storage (e.g., there are no CD-ROM drives common on PCs). Use of non-modifiable... |
| V-33189 | Medium | The mobile operating system must prevent a user from using a browser that does not direct its traffic to a DoD proxy server. | Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection, forgoes the protection... |
| V-33198 | Medium | The mobile operating system must not include authentication credentials or other sensitive information in audit records. | Any operating system providing too much information in error logs and in administrative messages to the screen, risks compromising the data and security of the structure and content of error... |
| V-33108 | Medium | The operating system must protect non-local maintenance sessions through the use of a strong authenticator tightly bound to the user. | Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal... |
| V-33783 | Medium | The operating system must use cryptographic mechanisms to protect the integrity of audit information. | Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data.
Rationale for... |
| V-33782 | Medium | The operating system at organization defined information system components must load and execute organization defined applications from hardware-enforced, read-only media. | Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image. Organizations may require the information system to load specified... |
| V-33781 | Medium | The mobile device operating system must have access to DoD root and intermediate PKI certificates when performing DoD PKI related transactions. | DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an... |
| V-33199 | Medium | The operating system must reveal error messages to authorized personnel only. | If the operating system provides too much information in error logs and administrative messages to the screen, it could lead to compromise. The structure and content of error messages need to be... |
| V-33784 | Medium | The operating system must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions. | Protection of audit records and audit data is of critical importance. Care must be taken to ensure privileged users cannot circumvent audit protections put in place. Auditing might not be reliable... |
| V-32906 | Medium | The operating system must provide automated support for account management functions. | A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. Examples include, but... |
| V-32907 | Medium | The operating system must automatically terminate temporary accounts after an organization defined time period for each type of account. | When temporary and emergency accounts are created, there is a risk the temporary account may remain in place and active after the need for the account no longer exists.
Rationale for... |
| V-33062 | Medium | The operating system must conduct backups of user-level information contained in the operating system per organization defined frequency to conduct backups consistent with recovery time and recovery point objectives. | Operating system backup is a critical step in maintaining data assurance and availability.
Rationale for non-applicability: Similar to user workstations and laptops, mobile devices are not... |
| V-33063 | Medium | The operating system must conduct backups of system-level information contained in the information system per organization defined frequency to conduct backups that are consistent with recovery time and recovery point objectives. | Operating system backup is a critical step in maintaining data assurance and availability.
Rationale for non-applicability: Mobile devices do not have assured network connectivity. This type of... |
| V-33119 | Medium | The mobile operating system must prevent non-DoD applications from accessing DoD data when the device supports multiple user environments (e.g., work and personal). | When a device is used for more than one purpose (e.g., work and personal) there is the potential for information from one environment to migrate inappropriately over into another environment.... |
| V-33066 | Medium | The operating system must implement transaction recovery for transaction-based systems. | Recovery and reconstitution constitutes executing an operating system contingency plan comprised of activities to restore essential missions and business functions.
Rationale for... |
| V-33064 | Medium | The operating system must conduct backups of operating system documentation including security-related documentation per organization defined frequency to conduct backups that is consistent with recovery time and recovery point objectives. | Operating system backup is a critical step in maintaining data assurance and availability.
Rationale for non-applicability: Mobile devices do not have assured network connectivity. This type of... |
| V-33112 | Medium | The operating system must separate user functionality (including user interface services) from operating system management functionality. | Operating system management functionality includes functions necessary to administer machine, network components, workstations, or servers, and typically requires privileged user access.... |
| V-33111 | Medium | The operating system must employ cryptographic mechanisms to protect information in storage. | When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and... |
| V-33116 | Medium | The operating system must implement an information system isolation boundary to minimize the number of non-security functions included within the boundary containing security functions. | The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the... |
| V-33117 | Medium | The operating system must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the... |
| V-33114 | Medium | The operating system must isolate security functions from non-security functions. | Operating system management functionality includes functions necessary to administer the operating, network components, workstations, or servers, and typically requires privileged user access.... |
| V-33115 | Medium | The operating system must isolate security functions enforcing access and information flow control from both non-security functions and from other security functions. | The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the... |
| V-33193 | Medium | The operating system must provide automated support for the management of distributed security testing. | The need to verify security functionality applies to all security functions.
Rationale for non-applicability: This requirement is better addressed by CCI-001294, which states the requirement to... |
| V-33190 | Medium | The mobile operating system must protect information obtained from intrusion and integrity monitoring tools from unauthorized access, modification, and deletion. | If an adversary can modify or delete information obtained from intrusion and integrity tools, then the adversary can hide evidence of an attack. Mechanisms to protect such data are necessary to... |
| V-33191 | Medium | The operating system must verify the correct operation of security functions in accordance with organization defined conditions and in accordance with organization defined frequency (if periodic verification). | Security functional testing involves testing the operating system for conformance to the operating system security function specifications, as well as, for the underlying security model. The need... |
| V-33196 | Medium | The operating system must check the validity of information inputs. | Invalid user input occurs when a user inserts data or characters the system is unprepared to process. This results in unanticipated behavior that could lead to a compromise.
Rationale for... |
| V-33197 | Medium | The operating system must identify potentially security relevant error conditions. | The structure and content of error messages need to be carefully considered by the organization. The extent to which the operating system is able to identify and handle error conditions is guided... |
| V-33211 | Medium | The operating system must enforce approved authorizations for controlling the flow of information within the system in accordance with applicable policy. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33210 | Medium | The operating system must enforce an organization defined Discretionary Access Control (DAC) policy that must allow users to specify and control sharing by named individuals or groups of individuals, or by both. | Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices,... |
| V-33213 | Medium | The operating system, when transferring information between different security domains, must detect unsanctioned information. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33212 | Medium | The operating system, when transferring information between different security domains, must implement policy filters constraining data structure and content to organization defined information security policy requirements. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33215 | Medium | The operating system must uniquely identify source domains for information transfer. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33214 | Medium | The operating system, when transferring information between different security domains, must prohibit the transfer of unsanctioned information in accordance with the security policy. | Information flow control regulates where information is allowed to travel within an operating system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33291 | Medium | The mobile operating system must not permit a user to disable the password-protected lock feature on the device. | If the user is able to disable the password-protected lock feature, the user can change the configuration of the device to allow access without a password. The modified configuration would enable... |
| V-33290 | Medium | The mobile operating system must disallow more than an organizationally-defined quantity of sequential numbers (e.g., 456) in the device unlock password. | Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Passwords with sequential numbers (e.g., 456 or 987) are considered... |
| V-33293 | Medium | The mobile operating system must not cache smartcard or certificate store passwords for more than an organizationally-defined time period. | The longer passwords remain in the cache, the more likely it is that malware or other mechanisms will discover them. Once an adversary has obtained a password from the cache, the adversary can... |
| V-33295 | Medium | The mobile operating system must disable access to the devices contact database when the device is locked. | On some devices, users can access the device's contact database to obtain phone numbers and other information using voice-activated Bluetooth peripherals even when the mobile device is locked.... |
| V-33294 | Medium | The mobile operating system must wipe the device upon the MDM agents instruction. | If a system has been known to have been lost or stolen, there is increased risk that an adversary could obtain DoD data residing on the device. Similarly, in some cases system administrators may... |
| V-32991 | Medium | The mobile operating system must give the user the option to deny acceptance of a certificate if the mobile operating system determines that the certificate is invalid. | If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
| V-32990 | Medium | The mobile operating system must alert the user if it receives an invalid public-key certificate. | If the user is aware that a certificate is invalid, the user can opt not to proceed or, alternatively, is better prepared to identify suspicious behavior that indicates an IA incident is in... |
| V-32993 | Medium | The mobile operating system must require authentication to access private keys saved in the key certificate store. | The cornerstone of the PKI is the private key used to encrypt or digitally sign information. If the private key is stolen, this will lead to the compromise of the authentication and... |
| V-32994 | Medium | The mobile operating system must enforce complexity requirements for the authentication to access private keys saved in the key certificate stores. | The cornerstone of the PKI is the private key used to encrypt or digitally sign information. If the private key is stolen, this will lead to the compromise of the authentication and... |
| V-32997 | Medium | The mobile operating system must disallow the device unlock password from containing an organizationally-defined minimum number of lower case alphabetic characters. | Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Setting minimum numbers of certain types of characters increases... |
| V-32996 | Medium | The mobile operating system must disallow the device unlock password from containing less than an organizationally-defined minimum number of upper case alphabetic characters. | Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Setting minimum numbers of certain types of characters increases... |
| V-32979 | Medium | The mobile operating system must provide audit record generation capability for the auditable events defined at the organizational level for the mobile device. | The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of... |
| V-32978 | Medium | The operating system must protect against an individual falsely denying having performed a particular action. | Non-repudiation of actions taken is required in order to maintain integrity.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a... |
| V-32970 | Medium | The operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria. | Audit reduction is used to reduce the volume of audit records in order to facilitate manual review. Before a security review information systems and/or applications with an audit reduction... |
| V-32977 | Medium | The operating system must produce audit records on hardware-enforced, write-once media. | The protection of audit records from unauthorized or accidental deletion or modification requires the operating system produce audit records on hardware-enforced write-once media.
Rationale for... |
| V-32976 | Medium | The mobile operating system must protect audit information from unauthorized deletion. | If audit data were to become compromised then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve.
To... |
| V-33206 | Medium | The mobile operating system must alert the Mobile Device Management or Intrusion Detection and Prevention System when it detects integrity check failures. | Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a... |
| V-32999 | Medium | The mobile operating system must force the user to change an organizationally-defined minimum number of characters of the device unlock password whenever the passcode is changed. | If an adversary learns part or all of a password, the adversary can use this information to more easily crack a user's subsequent passwords if the passwords do not differ significantly from one to... |
| V-33204 | Medium | The operating system must validate the binding of the reviewers identity to the information at the transfer/release point prior to release/transfer from one security domain to another security domain. | This non-repudiation control enhancement is intended to mitigate the risk that information could be modified between review and transfer/release particularly when the transfer is occurring between... |
| V-33205 | Medium | The operating system must invoke a system shutdown in the event of an audit failure, unless an alternative audit capability exists. | It is critical when an operating system is at risk of failing to process audit logs as required it takes action to mitigate the failure. If the system were to continue processing without auditing... |
| V-33202 | Medium | The mobile operating system must validate the digital signature on signed software components or applications. | Digital signatures on software components and applications are primary means to determine that the code comes from a trusted source and has not been modified. If the operating system does not... |
| V-33203 | Medium | The operating system must maintain reviewer/releaser identity and credentials within the established chain of custody for all information reviewed or released. | When it comes to data review and data release, there must be a correlation between the reviewed data and the person who performs the review. If the reviewer is a human or if the review function is... |
| V-33200 | Medium | The operating system must support the requirement that organizations, if an information system component failure is detected, must activate an organization defined alarm and/or automatically shuts down the operating system. | Predictable failure prevention requires organizational planning to address system failure issues. If a subsystem of the operating system, hardware, or the operating system itself, is key to... |
| V-33201 | Medium | The operating system must associate the identity of the information producer with the information. | Non-repudiation supports audit requirements to provide the appropriate organizational officials the means to identify who produced specific information in the event of an information... |
| V-33097 | Medium | The operating system must authenticate devices before establishing network connections using bidirectional cryptographically based authentication between devices. | Device authentication is a solution enabling an organization to manage both users and devices.
Rationale for non-applicability: This vulnerability is better addressed by CCI-000780, which ... |
| V-33096 | Medium | The mobile operating system VPN client must employ DoD PKI approved mechanisms for authentication when connecting to DoD networks. | VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able gain access to network resources and sensitive information if they can compromise the... |
| V-33094 | Medium | The mobile operating system must authenticate devices before establishing remote network (e.g., VPN) connections using bidirectional cryptographically based authentication between devices. | Without strong mutual authentication a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and... |
| V-33093 | Medium | The mobile operating systems Wi-Fi module must use EAP-TLS authentication when authenticating to DoD WLAN authentication servers. | Without strong mutual authentication a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and... |
| V-33092 | Medium | The mobile operating systems Wi-Fi module must be WPA2 certified (enterprise and personal). | WPA2 is a Wi-Fi certification managed by the Wi-Fi Alliance, a trade association promoting technology based on the IEEE 802.11 communications standard. A product that has received WPA2... |
| V-33208 | Medium | The operating system must produce a system-wide (logical or physical) audit trail composed of audit records in a standardized format. | Audits records can be generated from various components within the operating system. The list of audited events is the set of events for which audits are to be generated. This set of events is... |
| V-33209 | Medium | The operating system must monitor for atypical usage of operating system accounts. | Atypical account usage is behavior that is not part of normal usage cycles, e.g., accounts logging in after hours or on weekends.
Rationale for non-applicability: For the purposes of this SRG, a... |
| V-33015 | Medium | The mobile operating system must protect the integrity of the provisioning data while downloading to the mobile device during a trusted over-the-air (OTA) provisioning session. | Provisioning data includes operating system configuration, key material, and other initialization data. It may be sensitive and therefore must be adequately protected. An adversary within the... |
| V-33014 | Medium | The mobile operating system must protect the confidentiality of the provisioning data while downloading to the mobile device during a trusted over-the-air (OTA) provisioning session. | Provisioning data includes operating system configuration, key material, and other initialization data. It may be sensitive and therefore must be adequately protected. An adversary within the... |
| V-33012 | Medium | The operating system must provide the capability for a privileged administrator to configure organization defined security policy filters to support different security policies. | In order to control changes in policy, a privileged administrator must be able to change policy filters to support different security policies.
Rationale for non-applicability: This vulnerability... |
| V-33011 | Medium | The mobile operating system must notify the user of certificate failures related to digital signatures on software applications or components. | A certificate failure related to a digital signature on software applications or components is strong evidence of a system breach. Notifying the user of such an occurrence allows the user to... |
| V-33010 | Medium | The mobile operating system must notify mobile device management services of certificate failures related to digital signatures on software applications or components. | A certificate failure related to a digital signature on software applications or components is strong evidence of a system breach. Notifying mobile device management services of such an occurrence... |
| V-33167 | Medium | The mobile operating system must grant a downloaded application only the permissions that DoD has authorized for that application. | Mobile operating system applications that are able to perform unintended functions may be able to obtain sensitive information or otherwise compromise system security. The permissions that an... |
| V-33165 | Medium | The Mobile OS must block both the inbound and outbound traffic between instant messaging clients that are independently configured by end users and external service providers or other unapproved DoD systems. | Many instant messaging systems have known vulnerabilities, some of which allow an adversary to install malware on the device. This malware can then be used to obtain sensitive information or... |
| V-33163 | Medium | The operating system must protect the integrity and availability of publicly available information and applications. | The purpose of this control is to ensure organizations explicitly address the protection needs for public information and applications with such protection likely being implemented as part of... |
| V-33161 | Medium | The mobile operating system must employ FIPS validated or NSA approved cryptography to implement digital signatures. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation and NSA approval provides assurance that the relevant cryptography has... |
| V-33160 | Medium | The operating system must employ FIPS validated cryptography to protect information when it must be separated from individuals who have the necessary clearances, yet lack the necessary access approvals. | Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is... |
| V-33778 | Medium | The operating system must prevent public access into an organizations internal networks, except as appropriately mediated by managed interfaces employing boundary protection devices. | Access into an organization's internal network and to key internal boundaries must be tightly controlled and managed. In the case of the operating system, the key boundary may be the workstation... |
| V-33288 | Medium | The operating system must notify, as required, appropriate individuals for account termination. | Monitoring account termination is critical to ensure a denial of service situation does not exist on the operating system. An unexpected account termination can also be a sign that there is a... |
| V-33289 | Medium | The operating system must use cryptographic mechanisms to protect the integrity of audit tools. | Auditing and logging are key components of any security architecture. It is essential security personnel know what is being done, what attempted to be done, where it was done, when it was done,... |
| V-33286 | Medium | The operating system must notify, as required, appropriate individuals when accounts are modified. | Monitoring account modification is critical to ensure only appropriate personnel have access to the operating system. This reduces the possibility that an account will be given more access than is... |
| V-33287 | Medium | The operating system must notify, as required, appropriate individuals when an account is disabled. | Monitoring account disabling is critical to ensure a denial of service situation does not exist on the operating system. An unexpected account deletion can also be a sign that there is a rogue... |
| V-33284 | Medium | The operating system must enforce requirements for the connection of mobile devices to operating systems. | Wireless access introduces security risks which must be addressed through implementation of strict controls and procedures, such as authentication, encryption, and defining what resources that can... |
| V-33285 | Medium | The operating system must notify, as required, appropriate individuals when accounts are created. | Monitoring account creation is critical to ensure only appropriate personnel have access to the operating system. This reduces the possibility a rogue account will be created. In order to... |
| V-33282 | Medium | The operating system must take organization defined list of least disruptive actions to terminate suspicious events. | System availability is a key tenet of system security. Organizations need to have the flexibility to be able to define the automated actions taken in response to an identified incident. This... |
| V-33283 | Medium | The operating system must respond to security function anomalies in accordance with organization defined responses and alternative action(s). | The need to verify security functionality applies to all security functions.
Rationale for non-applicability: This vulnerability is better addressed by CCI-001297, which addresses responding to... |
| V-33280 | Medium | The operating system must preserve organization defined system state information in the event of a system failure. | Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality,... |
| V-32968 | Medium | The operating system audit records must be able to be used by a report generation capability. | Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify a network element that has been... |
| V-32960 | Medium | The mobile operating system must allocate sufficient audit record storage capacity for 24 hours of operation. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source... |
| V-32961 | Medium | The mobile operating system must send alerts to the mobile device management server when the audit log size reaches an organization defined critical percentage of capacity and full capacity. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source... |
| V-32962 | Medium | The mobile operating system must alert the mobile device management server in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures... |
| V-32965 | Medium | The mobile operating system must provide a real-time alert to the mobile device management server when organization defined audit failure events occur. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures... |
| V-32966 | Medium | The operating system must support the capability to centralize the review and analysis of audit records from multiple components within the system. | Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a... |
| V-32967 | Medium | The operating system must support an audit reduction capability. | Audit reduction is used to reduce the volume of audit records in order to facilitate manual review. Before a security review information systems and/or applications with an audit reduction... |
| V-33273 | Medium | The operating system uniquely must authenticate destination domains for information transfer. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33272 | Medium | The operating system uniquely must identify destination domains for information transfer. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33270 | Medium | The mobile operating system must prohibit modifications to software libraries unless performed as part of a software installation or update from a trusted source. | When dealing with change control issues, it should be noted that any changes to the hardware, software, and/or firmware components of the operating system can potentially have significant effects... |
| V-33277 | Medium | The operating system must enforce password complexity by the number of special characters used. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Requiring a minimum number of special characters is one way to... |
| V-33276 | Medium | The operating system must ensure unauthorized, security relevant configuration changes detected are tracked. | Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Security-related parameters are those parameters... |
| V-33275 | Medium | The operating system must enforce a Discretionary Access Control (DAC) policy that limits propagation of access rights. | Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices,... |
| V-33274 | Medium | The operating system must track problems associated with the information transfer. | When an operating system transfers data, there is the chance an error or problem with the data transfer may occur. The operating system needs to track failures and any problems encountered when... |
| V-33084 | Medium | The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | To assure individual accountability and prevent unauthorized access, organizational users shall be individually identified and authenticated.
Rationale for non-applicability: For the purposes of... |
| V-33085 | Medium | The operating system must use multifactor authentication for network access to privileged accounts where one of the factors is provided by a device separate from the information system being accessed. | Multifactor authentication is defined as using two or more factors to achieve authentication.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system does not... |
| V-33279 | Medium | The operating system must take corrective actions, when unauthorized mobile code is identified. | Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale... |
| V-33087 | Medium | The operating system must use organization defined replay-resistant authentication mechanisms for network access to privileged accounts. | An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
Rationale for... |
| V-33086 | Medium | The operating system must use multifactor authentication for network access to non-privileged accounts where one of the factors is provided by a device separate from the operating system being accessed. | Multifactor authentication is defined as using two or more factors to achieve authentication.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system does not... |
| V-33082 | Medium | The operating system must use multifactor authentication for local access to privileged accounts. | Multifactor authentication is defined as using two or more factors to achieve authentication.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed... |
| V-33083 | Medium | The operating system must use multifactor authentication for local access to non-privileged accounts. | Multifactor authentication is defined as using two or more factors to achieve authentication.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed... |
| V-33005 | Medium | The mobile operating system must enforce a minimum length for the device unlock password. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many times an... |
| V-33006 | Medium | The operating system must enforce approved authorizations for logical access to the system in accordance with applicable policy. | Strong access controls are critical to securing data. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms... |
| V-33007 | Medium | The operating system, when transferring information between different security domains, must identify information flows by data type specification and usage. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33000 | Medium | The mobile operating system must encrypt passwords stored on the mobile device. | Passwords need to be protected at all times and encryption is the standard method for protecting passwords while in storage so unauthorized users/processes cannot gain access. If an adversary... |
| V-33002 | Medium | The operating system must enforce minimum password lifetime restrictions. | Passwords need to be changed at specific policy based intervals, however if the information system or application allows the user to immediately and continually change their password then the... |
| V-33089 | Medium | The mobile operating systems Bluetooth module must enforce pairing using a randomly generated passkey size of at least 6 digits. | When done properly, Bluetooth pairing prevents rogue devices from communicating with the operating system. If a rogue device is paired with the mobile device, then there is the potential for the... |
| V-33175 | Medium | The operating system must prevent the automatic execution of mobile code in organization defined software applications and must require organization defined actions prior to executing the code. | Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale for... |
| V-33176 | Medium | The operating system must fail to an organization defined known state for organization defined types of failures. | Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. It helps prevent a loss of confidentiality, integrity, or availability in... |
| V-33177 | Medium | The operating system must protect the confidentiality and integrity of information at rest. | This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to... |
| V-33008 | Medium | The operating system, when transferring information between different security domains, must decompose information into policy-relevant subcomponents for submission to policy enforcement mechanisms. | Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and... |
| V-33171 | Medium | Only DoD PKI issued or DoD approved server authentication certificates may be installed on DoD mobile operating system devices. | If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the... |
| V-33172 | Medium | The operating system must implement detection and inspection mechanisms to identify unauthorized mobile code. | Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale for... |
| V-33081 | Medium | The operating system must use multifactor authentication for network access to non-privileged accounts. | Multifactor authentication is defined as using two or more factors to achieve authentication.
Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed... |
| V-33780 | Medium | The operating system must prevent remote devices that have established a non-remote connection with the system from communicating outside of the communication path with resources in external networks. | This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings not configurable by the user of the device. An example of a non-remote... |
| V-32981 | Medium | The mobile operating system must generate audit records for the DoD-required auditable events. | The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of... |
| V-33091 | Medium | The operating system must authenticate devices before establishing remote network connections using bidirectional cryptographically based authentication between devices. | Device authentication is a solution enabling an organization to manage devices.
Rationale for non-applicability: This vulnerability is better addressed by CCI-000780, which is very similar but... |
| V-33260 | Medium | The operating system must enforce the organization defined time period during which the limit of consecutive invalid access attempts by a user is counted. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the... |
| V-33261 | Medium | The operating system must use cryptography to protect the integrity of remote access sessions. | Remote access is any access to an organizational operating system by a user (or an information system) communicating through an external, non-organization-controlled network.
Rationale for... |
| V-33262 | Medium | The mobile operating system must log an audit event for each instance when a remote process uses mobile device management mechanisms for accessing the device security configuration settings. | Mobile device management (MDM) provides IA services to mobile devices but it also represents a threat to those devices. If an adversary were able to take control of the MDM or masquerade as the... |
| V-33263 | Medium | The operating system must provide the capability to capture/record and log all content related to a user session. | Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or... |
| V-33264 | Medium | The operating system must enforce a Discretionary Access Control (DAC) policy that includes or excludes access to the granularity of a single user. | Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices,... |
| V-33266 | Medium | The mobile operating system must produce audit records containing sufficient information to establish the identity of any user or subject associated with the event. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes timestamps, source... |
| V-33267 | Medium | The operating system must protect audit tools from unauthorized access. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data.
Rationale for non-applicability: A mobile OS typically does not have local audit or... |
| V-33268 | Medium | The operating system must protect audit tools from unauthorized modification. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data.
Rationale for non-applicability: A mobile OS typically does not have local audit or... |
| V-33269 | Medium | The operating system must protect audit tools from unauthorized deletion. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data.
Rationale for non-applicability: A mobile OS typically does not have local audit or... |
| V-33179 | Medium | The operating system at organization defined information system components must load and execute the operating environment from hardware-enforced, read-only media. | Organizations may require the information system to load the operating environment from hardware-enforced read-only media. The term operating environment is defined as the code upon which... |
| V-33148 | Medium | The operating system must produce, control, and distribute symmetric and asymmetric cryptographic keys using NSA approved key management technology and processes. | Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures.
Rationale for non-applicability: This control... |
| V-33207 | Medium | The operating system must back up audit records on an organization defined frequency onto a different system or media than the system being audited. | Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited, on... |
| V-33141 | Medium | The mobile operating systems Wi-Fi module must use AES-CCMP encryption when connecting to a DoD network. | If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. Some WPA2 certified Wi-Fi implementations use Temporal Key Integrity Protocol (TKIP),... |
| V-33140 | Medium | The mobile operating systems Bluetooth stack must use 128-bit Bluetooth encryption when performing data communications with other Bluetooth devices. | If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. 128-bit Bluetooth encryption for data communications mitigates the risk of unauthorized... |
| V-33143 | Medium | The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures. | Ensuring the confidentiality of transmitted information requires operating systems take feasible measures to employ transmission layer security. This requirement applies to communications across... |
| V-33142 | Medium | The mobile operating system must encrypt all data in transit using AES encryption when communicating with DoD information resources (128-bit key length is the minimum requirement; 256-bit desired). | If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. AES encryption with 128-bit (or longer) keys mitigates the risk of unauthorized... |
| V-33248 | Medium | The mobile operating system must maintain the binding of digital signatures on software components and applications in process. | Digital signatures enable the system to verify the integrity of the signed object and authenticate the object's signatory. Failure to maintain the binding of digital signatures on software... |
| V-33147 | Medium | The mobile operating system must produce, control, and distribute cryptographic keys using NIST or NSA approved key management technology and processes if it produces, controls, or distributes cryptographic keys. | Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. NIST technology and processes must be used for... |
| V-33146 | Medium | The operating system must establish a trusted communications path between the user and organization defined security functions within the operating system. | The user interface must provide an unspoofable and faithful communication channel between the user and any entity trusted to manipulate authorities on the user's behalf. A trusted path shall be... |
| V-33174 | Medium | The operating system must prevent the download of prohibited mobile code. | Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously.
Rationale for... |
| V-33120 | Medium | The operating system must not share resources used to interface with systems operating at different security levels. | The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on... |
| V-33168 | Medium | The mobile operating system must validate the integrity of a downloaded applications manifest before granting the application permissions on the device, if the operating system uses a manifest or similar mechanism external to application code to grant application permissions. | If an adversary can modify an application's manifest (when the mobile OS supports this approach), then the adversary can add additional permissions that would enable it to perform unauthorized... |
| V-33278 | Medium | The operating system must protect non-local maintenance sessions by separating the maintenance session from other network sessions with the information system by either physically separated communications paths or logically separated communications paths. | This is a requirement that maintenance needs to be done on a separate interface or encrypted channel to segment maintenance activity from regular usage. When performing non-local maintenance,... |
| V-32955 | Low | The mobile operating system must include the software component (e.g., user application, or operating system security module) that generated each event in audit logs. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source... |
| V-32954 | Low | The mobile operating system must produce audit records containing date and timestamps (to one second resolution) for every event. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source... |
| V-32957 | Low | The mobile operating system must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes timestamps, source... |
| V-32953 | Low | The mobile operating system must produce audit records containing the severity level of each recorded event. | Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source... |
| V-32958 | Low | The mobile operating system must include organization defined additional, more detailed information in the audit records for audit events identified by type, location, or subject. | Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes timestamps,... |
| V-32936 | Low | The mobile operating system, upon successful startup unlock, must display to the user the date and time of the last successful unlock or access. | Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the date and time of their last successful startup unlock allows the user to... |
| V-32935 | Low | The mobile operating system must retain the notification message or banner on the screen preventing further activity until the user executes a positive action to manifest agreement by selecting a box indicating acceptance. | To establish acceptance of system usage policy, a click-through banner at startup device unlock is required. The banner must prevent further activity on the application unless and until the user... |
| V-32934 | Low | The mobile operating system must display the DoD warning banner exactly as specified at startup device unlock. | The operating system is required to display the DoD approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent... |
| V-32939 | Low | The mobile operating system, upon successful unlock, must display to the user the number of unsuccessful unlock attempts since the last successful device unlock. | Users need to be aware of activity that occurs regarding their mobile device. Providing users with information regarding the number of unsuccessful attempts that were made to login to their... |
| V-32983 | Low | The mobile operating system, for PKI-based authentication must validate certificates by querying the certification authority for revocation status of the certificate. | Status information for certification paths includes certificate revocation lists or online certificate status protocol responses. Failure to verify a certificate's revocation status can result in... |
| V-33130 | Low | The mobile operating system must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port. | Open ports provide an attack surface that an adversary can then potentially use to breach system security. If an adversary can communicate with the mobile device from any IP address, then the... |
| V-33779 | Low | The mobile operating systems Bluetooth module must support the capability for a system administrator to create a non-user-modifiable white list of Bluetooth devices that are authorized to pair to the mobile device. | If a rogue device can connect to the mobile device, there is the potential for the rogue device to obtain sensitive information. One mechanism for preventing this occurrence is to enforce a white... |
| V-33785 | Low | The mobile operating system must obscure passwords on the devices display when they are entered on the device. | To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system shall not provide any information allowing an... |
| V-33118 | Low | The mobile operating system must prevent DoD applications from accessing non-DoD data when the device supports multiple user environments (e.g., work and personal) if such access has not been approved. | When a device is used for more than one purpose (e.g., work and personal) there is the potential for information from one environment to migrate inappropriately over into another environment.... |
| V-33110 | Low | The mobile operating system must cryptographically bind the removable media to the mobile device so data stored on the removable media can only be read by that mobile device. | When data is written to portable digital media, such as thumb drives, floppy diskettes, compact disks, and magnetic tape, etc., there is risk of data loss. Cryptographically binding the removable... |
| V-33194 | Low | The mobile operating system must conduct a device integrity scan on a minimum organizationally-defined periodic basis. | Unauthorized changes to the operating system software or information on the system can possibly result in integrity or availability concerns. In order to quickly react to this situation, the... |
| V-33296 | Low | The mobile operating system must enable a system administrator to (i) select which data fields will be available to applications outside of the contact database application and (ii) limit the number of contact database fields accessible outside of a work persona in the case of dual persona phones. | The contact database often contains a significant amount of information beyond each person's name and phone number. The records may contain addresses and other identifying or sensitive information... |
| V-32992 | Low | The mobile operating system must not accept certificate revocation information without verifying its authenticity. | If the operating system does not verify the authenticity of revocation information, there is the potential that an authorized system is providing false information. Acceptance of the false... |
| V-32995 | Low | The mobile operating system browser must support public-key certificate-based authentication to remote information systems. | The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. The... |
| V-32973 | Low | The mobile operating system must protect audit information from unauthorized read access. | If audit data were to become compromised then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve.
To... |
| V-32972 | Low | The mobile operating system must synchronize the internal clock on an organizationally-defined periodic basis with an authoritative time server or the Global Positioning System. | Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events.
Periodically synchronizing... |
| V-32971 | Low | The mobile operating system must use internal system clocks to generate timestamps for audit records. | Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.
Timestamps generated by the information system... |
| V-32975 | Low | The mobile operating system must protect audit information from unauthorized modification. | If audit data were to become compromised then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve.
To... |
| V-32986 | Low | The mobile operating system must give the user the option to deny acceptance of a certificate if it cannot verify the certificates revocation status. | The mobile operating system must give the user the option to deny acceptance of a certificate if it cannot verify the certificate's revocation status. |
| V-33016 | Low | The mobile operating system must support the capability for the system administrator to disable over-the-air (OTA) provisioning. | In some environments, the risk of OTA provisioning may outweigh any convenience benefit it offers. In such cases, the administrator should have the ability to disable OTA provisioning to ensure... |
| V-32963 | Low | The mobile operating system must overwrite the oldest audit log entries when audit logs reach capacity. | It is critical when a system is at risk of failing to process audit logs as required; it detects and takes action to mitigate the failure. Overwriting the oldest audit log entries is the best... |
| V-32964 | Low | The mobile operating system must provide a warning to the mobile device management server when allocated audit record storage volume reaches an organization defined percentage of maximum audit record storage capacity. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures... |
| V-33004 | Low | The mobile operating system must prohibit a user from reusing an organizationally-defined number of previously used device unlock passwords. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Remembering a specified number of prior device unlock passwords... |
| V-33003 | Low | The mobile operating system must enforce an organizationally-defined maximum lifetime for the device unlock password (password age). | Changing passcodes regularly prevents an attacker who has compromised the password from re-using it to regain access. This is an unlikely scenario, but is addressed by setting a password... |
| V-32985 | Low | The mobile operating system must notify the user if it cannot verify the revocation status of the certificate. | If the user is aware that the revocation status of a certificate could not be verified, the user is better prepared to identify suspicious behavior that indicates an IA incident is in progress.... |
| V-33243 | Low | The mobile operating system must use automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials in accordance with the organization defined frequency. | Unauthorized software poses a risk to the device because it could potentially perform malicious functions, including but not limited to gathering sensitive information, searching for other system... |
| V-33145 | Low | The mobile operating system must terminate the network connection when an application requests termination, or after an organization defined time period of inactivity. | If communications sessions remain open for extended periods of time even when unused, there is the potential for an adversary to highjack the session and use it to gain access to the device or... |
