UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All non-core applications on the smartphone must be approved by the DAA or Command IT Configuration Control Board.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24986 WIR-MOS-WP-006-01 SV-32839r2_rule DCCB-1 ECWN-1 Low
Description
Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected features (e.g., send private information to a web site, track user actions, connect to a non-DoD management server).
STIG Date
Windows Phone 6.5 (with Good Mobility Suite) Security Technical Implementation Guide 2011-10-04

Details

Check Text ( C-33517r1_chk )
-Select 3-4 random devices managed by the site to review.

-Make a list of non-core applications on each device.
--Have the user log into the device. View all App icons on the home screen or in folders on the home screen.
--If an App is not in the list of core Apps (see below), then note the name of the App.
--Verify the site has written approval to use the App from the DAA or site IT CCB.

-Mark as a finding if any App has not been approved.

A list of standard core Windows Phone 6.5 device Apps can be found in the STIG Configuration Tables document.

Note: The DAA or IT CCB should also indicate if location services are approved for any approved applications, including core applications (e.g., camera, maps, etc.).
Fix Text (F-27627r2_fix)
Have DAA or Command IT CCB review and approve all non-core applications on mobile OS devices.