The mobile operating system must employ malicious code protection mechanisms to detect and eradicate malicious code from installing and executing.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33281	SRG-OS-000270-MOS-000132	SV-43700r1_rule		High

Description
In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can result in the disclosure of sensitive information or cause a denial of service. Anti-virus applications are not common on mobile operating systems but one or more methods to mitigate the risk of malware must be in place to protect DoD information and networks.

Description

In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can result in the disclosure of sensitive information or cause a denial of service. Anti-virus applications are not common on mobile operating systems but one or more methods to mitigate the risk of malware must be in place to protect DoD information and networks.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41578r2_chk )
Review the mobile operating system configuration for employing malicious code protection mechanisms to detect and eradicate malicious code from installing and executing. If malicious code protection is missing or inadequate, this is a finding.

Fix Text (F-37211r2_fix)
Configure the mobile operating system to employ malicious code protection mechanisms to detect and eradicate malicious code from installing and executing.