Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35084 | SRG-APP-000007-MAPP-00002 | SV-46371r1_rule | High |
Description |
---|
A classification attribute assures the data is correctly handled and processed according to its sensitivity. If the classification attribute can be modified, then there is a risk to misclassification of the data resulting in a data spill. This control greatly reduces the risk of unauthorized downward classification of sensitive data that could result in the data being inadvertently combined with non-sensitive data, creating a data spill. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text ( C-43471r1_chk ) |
---|
For applications that store a single classification of data or have multiple personas, this check does not apply. For applications that store classified data, perform a static program analysis of the application software to assess if the highest data classification attribute is automatically or manually created. If the supporting code is not present, this is a finding. |
Fix Text (F-39635r1_fix) |
---|
Modify code and functionality that prohibits an application from reclassifying the data downwardly. |