Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33294 | SRG-OS-999999-MOS-000137 | SV-43713r1_rule | Medium |
Description |
---|
If a system has been known to have been lost or stolen, there is increased risk that an adversary could obtain DoD data residing on the device. Similarly, in some cases system administrators may know or strongly suspect that a device contains malware or is compromised in a manner that poses a significant threat to the enterprise network. In such circumstances, the IAO may determine that the safest course of action is to have a systems administrator remotely issue a command to wipe all data on the device. This action would render the device inoperable and prevent anyone from accessing the data stored on it. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text ( C-41591r1_chk ) |
---|
Review system documentation and operating system configuration to determine if a systems administrator has the capability to remotely wipe all storage media on the device. If feasible, on a spare device, test that the control in enforced by using the remote mechanism to wipe the device. The device should be inoperable after the wipe process. If the system is not configured for the device wipe functionality, this is a finding. |
Fix Text (F-37224r1_fix) |
---|
Configure the operating system and MDM agent to permit the agent to wipe the device upon the appropriate command. |