UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must not permit a user to disable the password-protected lock feature on the device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33291 SRG-OS-999999-MOS-000134 SV-43710r1_rule Medium
Description
If the user is able to disable the password-protected lock feature, the user can change the configuration of the device to allow access without a password. The modified configuration would enable an adversary with access to the device to obtain DoD information and possibly other information resources on other systems. An operating system that does not allow a user to disable this feature mitigates the risk of this attack. In cases in which the mobile operating system relies on another application for protected data storage (e.g., if FIPS 140-2 validated encryption for unclassified use is not native to the device), then this requirement applies to both the device lock password and the password to the data storage application.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41588r1_chk )
Review the mobile operating system configuration for prohibiting a user to disable the password-protected lock feature on the device. If the mobile operating system allows the user to disable the password-protected lock feature, this is a finding.
Fix Text (F-37221r1_fix)
Configure the operating system to prohibit a user from disabling the password-protected lock feature.