UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must not automatically execute applications without user direction.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32951 SRG-OS-000035-MOS-000012 SV-43349r1_rule High
Description
Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code are Auto Run and Auto Play. Auto Run and Auto Play are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted. This requirement is designed to address vulnerabilities that arise when mobile devices are automatically mounted and applications are automatically invoked without user knowledge or acceptance. Applications that can be executed without user (or mobile device management) direction may be used to access sensitive information or otherwise compromise system integrity to launch subsequent attacks. Requiring the user take action to permit the execution of an application makes it more likely that malware will be identified and kept off of mobile devices.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41252r1_chk )
Review the mobile operating system configuration to determine if automatic execution is disabled. If applications are able to execute without user or mobile device management direction, this is a finding.
Fix Text (F-36866r1_fix)
Modify the operating system configuration to disable automatic execution of applications on the device without user or mobile device management direction.