UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization, at the mobile device management (MDM) server site, must verify that local sites, where CMDs are provisioned, issued, and managed, are conducting annual self assessments.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35964 SRG-MPOL-046 SV-47280r1_rule Low
Description
The security integrity of the CMD system depends on whether local sites, where CMDs are provisioned and issued, are complying with IA requirements. The risk of both malware being introduced on a handheld device, and of avenues of attack into the enclave being introduced via a CMD, are heightened if IA control procedures are not followed.
STIG Date
Mobile Policy Security Requirements Guide 2013-07-03

Details

Check Text ( C-44201r1_chk )
Verify the security personnel of the site where the MDM server is located, is tracking whether local/remote sites (where CMDs are provisioned, issued, and managed) are conducting annual self assessments.

Command-level action should be considered for local sites not complying with security requirements for the provisioning, issuance, and managements of CMDs.

If required annual self assessments have not been completed by the site, this is a finding.
Fix Text (F-40491r1_fix)
Conduct annual self assessments where CMDs are provisioned, issued, and managed.