UCF STIG Viewer Logo

The organization must develop procedures for ensuring mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization defined period after the updates/patches are available.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35987 SRG-MPOL-069 SV-47303r1_rule High
Description
Patches and fixes to an operating system (OS) or application are necessary elements in maintaining the security posture of a system. If one system has been compromised or exposed to a potential vulnerability, the entire infrastructure is at risk. Patches and fixes can be critical security flaws that have been identified and, without their application, may pose a significant risk to DoD data.
STIG Date
Mobile Policy Security Requirements Guide 2013-07-03

Details

Check Text ( C-44224r1_chk )
Review the organization’s patch procedure and policy to determine if mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization defined period after the updates/patches are available. If the organization is not updating or patching within the organization defined period of time, this is a finding.
Fix Text (F-40514r1_fix)
Develop procedures to update mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices within the organization defined period after the updates or patches are available.