UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must not permit a user to remove organizationally required applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33057 SRG-OS-000095-MOS-000061 SV-43455r1_rule Medium
Description
Organizationally required applications are present on the device because they support the organization's mission. Therefore, their absence degrades mission performance. Preventing the removal of such applications provides mission assurance. The primary focus of this control concerns IA applications that monitor the integrity of software on the mobile device and enforce configuration controls. Removal of these applications would significantly degrade the IA posture of the device. Therefore, not permitting a user to remove them is critical to IA. In cases in which such applications cannot be removed, an acceptable alternative to mitigate risk is to prevent access to DoD resources when the required applications are not present.
STIG Date
Mobile Operating System Security Requirements Guide 2013-04-12

Details

Check Text ( C-41326r1_chk )
Review the mobile operating system configuration to determine if the operating system permits a user to remove organizationally required applications. Identify the list of organizationally required applications and attempt to delete a sample of them to determine if the control is being enforced. If it is possible to remove the application, check that the removal disables access to DoD information resources. If a required application can be removed by a user or if removal does not disable further access to DoD resources, this is a finding.
Fix Text (F-36957r1_fix)
Configure the operating system to prevent users from removing organizationally required applications or configure the operating system to disable access to DoD information resources when such applications are removed.