Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating system must not permit mobile service carriers to have privileged access to the operating system or perform any function not directed by the user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33058 | SRG-OS-000095-MOS-000062 | SV-43456r1_rule | High |
| Description |
|---|
| Permitting mobile service carriers access to the mobile operating system leaves the device vulnerable to breach from rogue elements within the carrier infrastructure. Mobile service carriers are not subject to the same personnel, operational, and technical controls as DoD organizations. For example, its employees in most cases do not have active DoD clearances. When a mobile service carrier must update software or configuration on a mobile device, these updates must come from a DoD approved source, which in many cases is the vendor of the MOS software. Preventing mobile service carrier access to mobile operating systems greatly mitigates the risk associated with this vulnerability. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41327r1_chk ) |
|---|
| Review MOS documentation, IA information resources, and mobile service contracts to determine if the mobile service carrier requires or expects privileged access to the mobile operating system or any other access that is not directed by the user. If such access is present, this is a finding. |
| Fix Text (F-36958r1_fix) |
|---|
| Configure the mobile operating system to disallow mobile service carrier access to the device. |