Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35086 | SRG-APP-000009-MAPP-00004 | SV-46373r1_rule | Medium |
Description |
---|
A classification attribute assures the data is correctly stored, transmitted, handled, and processed according to its sensitivity. Stored, processed, or transmitted data is vulnerable to exposure through incorrect labeling if its classification attribute is not transmitted with it. Implementing this control assures the data is handled accordingly regarding its classification during transmission and subsequent distribution, greatly reducing the risk of misclassification and data spills. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text ( C-43473r1_chk ) |
---|
For applications that store a single classification of data or have multiple personas, this check does not apply. For applications that store, process, or transmit classified data, carry out a dynamic program analysis to assess if the application assigns a classification attribute to any newly created data file or transmitted data stream. Examine each data file created and assess if an attribute is included. If the dynamic program analysis is inconclusive, or cannot be performed, carry out a static program analysis to assess if code is present that makes the application assign a classification attribute to any newly created data file and transmitted data stream. If the dynamic or static program analysis reveals no data classification attributes are assigned to any newly created data file or transmit data stream, this is a finding. |
Fix Text (F-39637r1_fix) |
---|
Modify code to assign a classification attribute to any newly created data file or stream when the application stores, processes, or transmits classified data. |