UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must protect the confidentiality of the provisioning data while downloading to the mobile device during a trusted over-the-air (OTA) provisioning session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33014 SRG-OS-000087-MOS-000057 SV-43412r1_rule Medium
Description
Provisioning data includes operating system configuration, key material, and other initialization data. It may be sensitive and therefore must be adequately protected. An adversary within the general proximity of the mobile device can eavesdrop on OTA transactions, making them particularly vulnerable to attack if confidentiality protections are not in place. An adversary within the general proximity of the mobile device can eavesdrop on OTA transactions, making them particularly vulnerable to attack if confidentiality protections are not in place. Proper use of cryptography provides strong assurance that provisioning data is protected against confidentiality attacks.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41312r1_chk )
Review system documentation and operating system configuration to determine if there is appropriate cryptography protecting the confidentiality of OTA provisioning. If the provisioning data is not protected by cryptographic means during an OTA provisioning procedure, this is a finding.
Fix Text (F-36927r1_fix)
Configure the operating system to use cryptography providing confidentiality for provisioning downloads.