The mobile application must not permit any classification attribute to be modified to a lower level of classification if it processes classified data.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35084	SRG-APP-000007-MAPP-00002	SV-46371r1_rule		High

Description
A classification attribute assures the data is correctly handled and processed according to its sensitivity. If the classification attribute can be modified, then there is a risk to misclassification of the data resulting in a data spill. This control greatly reduces the risk of unauthorized downward classification of sensitive data that could result in the data being inadvertently combined with non-sensitive data, creating a data spill.

Description

A classification attribute assures the data is correctly handled and processed according to its sensitivity. If the classification attribute can be modified, then there is a risk to misclassification of the data resulting in a data spill. This control greatly reduces the risk of unauthorized downward classification of sensitive data that could result in the data being inadvertently combined with non-sensitive data, creating a data spill.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43471r1_chk )
For applications that store a single classification of data or have multiple personas, this check does not apply. For applications that store classified data, perform a static program analysis of the application software to assess if the highest data classification attribute is automatically or manually created. If the supporting code is not present, this is a finding.

Fix Text (F-39635r1_fix)
Modify code and functionality that prohibits an application from reclassifying the data downwardly.