UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must validate the digital signature on signed software components or applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33202 SRG-OS-000209-MOS-000112 SV-43602r1_rule Medium
Description
Digital signatures on software components and applications are primary means to determine that the code comes from a trusted source and has not been modified. If the operating system does not validate these digital signatures, then there is the potential for malware to infiltrate the device. Validating digital signatures assures that the digital signature control properly mitigates the risk that malware will be installed or execute on the system.
STIG Date
Mobile Operating System Security Requirements Guide 2013-04-12

Details

Check Text ( C-41465r1_chk )
Review system documentation and operating system configuration to determine if the digital signatures on software components and applications are being validated. If higher assurance is required, provide the operating system with a software application that has an invalid signature to verify the operating system can detect the invalid signature. If the system fails this test or documentation or configuration shows that the capability is not present, this is a finding.
Fix Text (F-37105r1_fix)
Configure the operating system to validate the digital signature on signed software components or applications.