The mobile operating system must prevent the installation of applications that are not digitally signed with a DoD approved private key.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33052 | SRG-OS-000090-MOS-000060 | SV-43450r1_rule | High |
| Description |
|---|
| Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Digital signatures on code provide assurance that the code comes from a known source and has not been modified. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41321r1_chk ) |
|---|
| Review the mobile operating system configuration for preventing installation of applications that are not digitally signed with a DoD approved private key. If the mobile operating system does not prevent the installation of applications that are not digitally signed with a DoD approved private key, this is a finding. |
| Fix Text (F-36952r1_fix) |
|---|
| Configure the operating system to prevent the installation of applications that are not digitally signed with a DoD approved private key. |