The mobile operating system must wipe data on both embedded storage and removable media when performing a data wipe function.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33234 | SRG-OS-000227-MOS-000115 | SV-43652r1_rule | Medium |
| Description |
|---|
| Sensitive data may be resident on both embedded and removable memory. If the operating system only performs the wipe function on one type of memory, then this will leave the other vulnerable. Ensuring the wipe occurs on both embedded and removable memory mitigates this risk. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41529r3_chk ) |
|---|
| Review system documentation and operating system configuration to determine if mobile operating system wipes data on both embedded and removable memory when performing a data wipe function. If feasible, on a spare device, test that the control is enforced by entering the requisite number of incorrect passwords. If the system is not configured to wipe both embedded and removable memory, this is a finding. |
| Fix Text (F-37679r2_fix) |
|---|
| Configure the operating system to wipe data on both internal memory and removable media when performing a data wipe function. |