The mobile operating system must authenticate tethered connections to the device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33242	SRG-OS-000231-MOS-000122	SV-43660r1_rule		Medium

Description
Authentication may occur either by reentry of the device unlock passcode at the time of connection, through another passcode with the same or stronger complexity, or through PKI certificates. Authentication mitigates the risk that an adversary who obtains physical possession of the device is not able to use the tethered connection to access sensitive data on the device or otherwise tamper with its operating system or applications.

Description

Authentication may occur either by reentry of the device unlock passcode at the time of connection, through another passcode with the same or stronger complexity, or through PKI certificates. Authentication mitigates the risk that an adversary who obtains physical possession of the device is not able to use the tethered connection to access sensitive data on the device or otherwise tamper with its operating system or applications.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41538r1_chk )
Review the mobile operating system configuration to assess how the mobile OS handles tethered connections. Determine if authentication is required to establish a tethered connection. If authentication is not required, this is a finding.

Fix Text (F-37172r1_fix)
Configure the operating system to require authentication of tethered connections.