Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating system must prohibit wireless remote access connections except for personal hotspot service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33241 | SRG-OS-000231-MOS-000121 | SV-43659r2_rule | Medium |
| Description |
|---|
| The device acts as a personal hotspot when it accepts remote connections on a local area network interface for the purposes of routing traffic to a wide area network interface. The most common implementation is to accept local area Wi-Fi connections to reach ISP service provided by a cellular data carrier. The objective is to ensure the remote devices are not able to access any applications, data, or other operating system functionality on the device. A core assumption of the MOS SRG is that mobile devices do not serve applications to remote devices. This control concerns remote access to the devices OS; if remote access to applications and data were feasible, this would open up a wide variety of vulnerabilities in which an adversary with a remote wireless capability could breach system security. Precluding this possibility greatly mitigates the risk of such an attack. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-04-12 |
Details
| Check Text ( C-41537r2_chk ) |
|---|
| Review the mobile operating system configuration to assess how the mobile OS handles remote connections. Establish a remote connection to the device over its local area network interface. Determine if applications or data are accessible. If either an application or data is accessible, this is a finding. |
| Fix Text (F-37171r1_fix) |
|---|
| Configure the operating system to prohibit remote access connections for anything other than personal hotspot service. |