The mobile operating system browser must support public-key certificate-based authentication to remote information systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32995 | SRG-OS-000068-MOS-000043 | SV-43393r1_rule | Low |
| Description |
|---|
| The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. The authenticated identity must be mapped to an account for access and authorization decisions. This capability strengthens authentication to remote information systems and thus makes it less likely that such systems will be compromised. Mobile devices without default PKI authentication capability in the browser may mitigate this through the use of authorized third-party browsers. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41292r1_chk ) |
|---|
| Inspect the mobile operating system configuration for a browser to support public-key certificate-based authentication to remote information systems. If the default system browser does not meet this requirement, an authorized third-party browser may be used for compliance. If no browser supports public-key certificate-based authentication to remote information systems or unauthorized browsers are used for authentication, this is a finding. |
| Fix Text (F-36907r1_fix) |
|---|
| Configure the operating system browser to support public-key certificate-based authentication to remote information systems. |