Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-MPOL-055 | SRG-MPOL-055 | SRG-MPOL-055_rule | | Medium |
Description |
---|
CMD applications can be written and published very quickly without a thorough life cycle management process or security assessment. It is critical that all applications that reside on CMDs go through the same rigorous security evaluation as a typical COTS product, so as not to introduce malware or additional risk to DoD information and networks. Installation of an application should only happen after a risk-based determination by the CIO has been made. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2012-10-10 |
Check Text (C-SRG-MPOL-055_chk) |
---|
Review documentation showing a security risk analysis was performed by the CIO prior to approving applications for use on non-enterprise activated CMDs. If CMD applications that have not been approved by the CIO are installed on non-enterprise activated CMDs, this is a finding. |
Fix Text (F-SRG-MPOL-055_fix) |
---|
Ensure only CMD applications approved by the CIO, after a risk-based determination, are installed on non-enterprise activated CMDs. |