Smartphone Instant Messaging (IM) client application will connect to a DoD controlled IM server that is compliant with the Instant Messaging STIG.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24965 | WIR-SPP-009 | SV-30702r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Non-DoD IM servers can be located anywhere in the world and can expose the DoD smartphone system and enclave to malware and hacker attacks. |
| STIG | Date |
|---|---|
| Smartphone Policy Security Technical Implementation Guide | 2011-04-08 |
Details
| Check Text ( C-31129r1_chk ) |
|---|
| Interview the IAO or smartphone system administrator and determine if smartphone IM is used on site-managed smartphones. If yes, determine what server the smartphone IM system connects to. - The server should be managed by a DoD site. - The IM system must be compliant with the Instant Messaging STIG. Verify that a security review has been conducted on the site IM system and recorded in VMS. |
| Fix Text (F-27600r1_fix) |
|---|
| Follow security requirements for Instant Messaging (IM) applications on smartphones. |