Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33239 | SRG-OS-000230-MOS-000119 | SV-43657r1_rule | Medium |
Description |
---|
Encryption is only effective if the decryption procedure is protected. If an adversary can easily access the private key (either directly or through a software application), sensitive DoD data is likely to be disclosed. Password protection is one method to reduce the likelihood of such an occurrence. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41535r1_chk ) |
---|
Verify the mobile operating system configuration is set to prompt for a password prior to unencrypting data on the mobile device. In many cases, the transaction may involve the entry of a CAC PIN, which still satisfies the requirement. If data is accessible without entering a password at any point when using the device, this is a finding. |
Fix Text (F-37169r1_fix) |
---|
Configure the operating system to require a valid password be successfully entered before the mobile device data is unencrypted. |