Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33242 | SRG-OS-000231-MOS-000122 | SV-43660r1_rule | Medium |
Description |
---|
Authentication may occur either by reentry of the device unlock passcode at the time of connection, through another passcode with the same or stronger complexity, or through PKI certificates. Authentication mitigates the risk that an adversary who obtains physical possession of the device is not able to use the tethered connection to access sensitive data on the device or otherwise tamper with its operating system or applications. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41538r1_chk ) |
---|
Review the mobile operating system configuration to assess how the mobile OS handles tethered connections. Determine if authentication is required to establish a tethered connection. If authentication is not required, this is a finding. |
Fix Text (F-37172r1_fix) |
---|
Configure the operating system to require authentication of tethered connections. |