The mobile operating system must notify mobile device management services of certificate failures related to digital signatures on software applications or components.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33010 | SRG-OS-000084-MOS-000054 | SV-43408r1_rule | Medium |
| Description |
|---|
| A certificate failure related to a digital signature on software applications or components is strong evidence of a system breach. Notifying mobile device management services of such an occurrence allows the enterprise to assess the situation, contain the breach if one exists, and possibly invoke incident response procedures. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41308r1_chk ) |
|---|
| Review the mobile operating system configuration for notification of certificate failures related to digital signatures on software applications or components to mobile device management services. If the mobile operating system does not notify the mobile device management services of certificate failures related to digital signatures on software applications or components, this is a finding. |
| Fix Text (F-36923r1_fix) |
|---|
| Configure the mobile operating system to notify mobile device management services of certificate failures related to digital signatures on software applications or components. |