The mobile application must store an associated data attribute corresponding to the highest classification of data in the file it stores classified data.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35083 | SRG-APP-000006-MAPP-00001 | SV-46370r1_rule | High |
| Description |
|---|
| A classification attribute assures the data is correctly handled and processed according to its sensitivity. If the classification attribute is missing, then there is risk to data misclassification which could result in a data spill. This control greatly reduces the risk of misclassification that can result in data leaks and spillage. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2013-01-04 |
Details
| Check Text ( C-43470r1_chk ) |
|---|
| For applications that store a single classification of data or have multiple personas, this check does not apply. For applications that store classified data, perform a static program analysis of the application software to assess if the highest data classification attribute is automatically or manually created. If the supporting code is not present, this is a finding. |
| Fix Text (F-39634r1_fix) |
|---|
| Modify code to enable the creation and storage of a highest data classification attribute. |