The organization, at the mobile device management (MDM) server site, must verify that local sites, where CMDs are provisioned, issued, and managed, are conducting annual self assessments.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35964 | SRG-MPOL-046 | SV-47280r1_rule | Low |
| Description |
|---|
| The security integrity of the CMD system depends on whether local sites, where CMDs are provisioned and issued, are complying with IA requirements. The risk of both malware being introduced on a handheld device, and of avenues of attack into the enclave being introduced via a CMD, are heightened if IA control procedures are not followed. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44201r1_chk ) |
|---|
| Verify the security personnel of the site where the MDM server is located, is tracking whether local/remote sites (where CMDs are provisioned, issued, and managed) are conducting annual self assessments. Command-level action should be considered for local sites not complying with security requirements for the provisioning, issuance, and managements of CMDs. If required annual self assessments have not been completed by the site, this is a finding. |
| Fix Text (F-40491r1_fix) |
|---|
| Conduct annual self assessments where CMDs are provisioned, issued, and managed. |