Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35966 | SRG-MPOL-048 | SV-47282r1_rule | Low |
Description |
---|
Scan results must be maintained, so auditors can verify mitigation actions have been completed, so a scan can be compared to a previous scan, and to determine if there are any security vulnerability trends. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2013-01-24 |
Check Text ( C-44203r1_chk ) |
---|
Verify the security personnel or system administrator is saving records of scan results and mitigation actions for the length of time designated by the site security manager (which must be a minimum of 6 months, one year recommended). If results of scans are not maintained by the site for 6 months, this is a finding. |
Fix Text (F-40493r1_fix) |
---|
Maintain the results and mitigation actions from integrity tool validation scans on CMDs, for at least 6 months. |