UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must wipe data on both embedded storage and removable media when performing a data wipe function.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33234 SRG-OS-000227-MOS-000115 SV-43652r1_rule Medium
Description
Sensitive data may be resident on both embedded and removable memory. If the operating system only performs the wipe function on one type of memory, then this will leave the other vulnerable. Ensuring the wipe occurs on both embedded and removable memory mitigates this risk.
STIG Date
Mobile Operating System Security Requirements Guide 2013-04-12

Details

Check Text ( C-41529r3_chk )
Review system documentation and operating system configuration to determine if mobile operating system wipes data on both embedded and removable memory when performing a data wipe function. If feasible, on a spare device, test that the control is enforced by entering the requisite number of incorrect passwords. If the system is not configured to wipe both embedded and removable memory, this is a finding.
Fix Text (F-37679r2_fix)
Configure the operating system to wipe data on both internal memory and removable media when performing a data wipe function.