The organization must develop procedures for ensuring mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization-defined period after the updates/patches are available.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-092 | SRG-MPOL-092 | SRG-MPOL-092_rule | High |
| Description |
|---|
| Patches and fixes to an operating system (OS) or application are necessary elements in maintaining the security posture of a system. If one system has been compromised or exposed to a potential vulnerability, the entire infrastructure is at risk. Patches and fixes can be critical security flaws that have been identified and, without their application, may pose a significant risk to DoD data. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-092_chk ) |
|---|
| Review the organizations patch procedure and policy to determine if mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization-defined period after the updates/patches are available. If the organization is not updating or patching within the organization-defined period of time, this is a finding. |
| Fix Text (F-SRG-MPOL-092_fix) |
|---|
| Update mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices within the organization-defined period after the updates/patches are available. |