All non-core applications on the smartphone must be approved by the DAA or Command IT Configuration Control Board.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24986 | WIR-MOS-WP-006-01 | SV-32839r2_rule | DCCB-1 ECWN-1 | Low |
| Description |
|---|
| Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected features (e.g., send private information to a web site, track user actions, connect to a non-DoD management server). |
| STIG | Date |
|---|---|
| Windows Phone 6.5 (with Good Mobility Suite) Security Technical Implementation Guide | 2011-10-04 |
Details
| Check Text ( C-33517r1_chk ) |
|---|
| -Select 3-4 random devices managed by the site to review. -Make a list of non-core applications on each device. --Have the user log into the device. View all App icons on the home screen or in folders on the home screen. --If an App is not in the list of core Apps (see below), then note the name of the App. --Verify the site has written approval to use the App from the DAA or site IT CCB. -Mark as a finding if any App has not been approved. A list of standard core Windows Phone 6.5 device Apps can be found in the STIG Configuration Tables document. Note: The DAA or IT CCB should also indicate if location services are approved for any approved applications, including core applications (e.g., camera, maps, etc.). |
| Fix Text (F-27627r2_fix) |
|---|
| Have DAA or Command IT CCB review and approve all non-core applications on mobile OS devices. |