
The mobile operating system must not permit mobile service carriers to have privileged access to the operating system or perform any function not directed by the user.


Overview

Finding ID: V-33058
Version: SRG-OS-000095-MOS-000062
Rule ID: SV-43456r1_rule
IA Controls:
Severity: High
Description
Permitting mobile service carriers access to the mobile operating system leaves the device vulnerable to breach from rogue elements within the carrier infrastructure. Mobile service carriers are not subject to the same personnel, operational, and technical controls as DoD organizations. For example, their employees in most cases do not have active DoD clearances. When a mobile service carrier must update software or configuration on a mobile device, these updates must come from a DoD-approved source, which in many cases is the vendor of the MOS software. Preventing mobile service carrier access to mobile operating systems greatly mitigates the risk associated with this vulnerability.
STIG: Mobile Operating System Security Requirements Guide
Date: 2013-07-03

Details

Check Text (C-41327r1_chk)
Review MOS documentation, IA information resources, and mobile service contracts to determine if the mobile service carrier requires or expects privileged access to the mobile operating system or any other access that is not directed by the user. If such access is present, this is a finding.
Fix Text (F-36958r1_fix)
Configure the mobile operating system to disallow mobile service carrier access to the device.