
The mobile operating system must prohibit wireless remote access connections except for personal hotspot service.


Overview

Finding ID: V-33241
Version: SRG-OS-000231-MOS-000121
Rule ID: SV-43659r2_rule
IA Controls:
Severity: Medium
Description
The device acts as a personal hotspot when it accepts remote connections on a local area network interface for the purposes of routing traffic to a wide area network interface. The most common implementation is to accept local area Wi-Fi connections to reach ISP service provided by a cellular data carrier. The objective is to ensure the remote devices are not able to access any applications, data, or other operating system functionality on the device. A core assumption of the MOS SRG is that mobile devices do not serve applications to remote devices. This control concerns remote access to the device's OS; if remote access to applications and data were feasible, this would open up a wide variety of vulnerabilities in which an adversary with a remote wireless capability could breach system security. Precluding this possibility greatly mitigates the risk of such an attack.
STIG: Mobile Operating System Security Requirements Guide
Date: 2013-07-03

Details

Check Text (C-41537r2_chk)
Review the mobile operating system configuration to assess how the mobile OS handles remote connections. Establish a remote connection to the device over its local area network interface. Determine if applications or data are accessible. If either an application or data is accessible, this is a finding.
Fix Text (F-37171r1_fix)
Configure the operating system to prohibit remote access connections for anything other than personal hotspot service.