
The mobile application must identify the persona from which data is coming before permitting transfer to or from a DoD persona when the mobile application supports multiple personas.


Overview

Finding ID: V-35228
Version: SRG-APP-000049-MAPP-00015
Rule ID: SV-46515r1_rule
IA Controls: none listed
Severity: Medium
Description
Transfer of data from one persona to another on a device that supports multiple personas poses two significant risks. First, malware present in one persona could migrate to another persona. In this case, the malware could be used to breach other systems, potentially resulting in the unauthorized disclosure of sensitive DoD data. Second, sensitive data from one persona could be exfiltrated to another persona. This also could result in the unauthorized disclosure of sensitive DoD data. Identifying the source persona is a critical step in preventing improper transfer of data and malware because it enables the implementation of security filters that stop unauthorized transfers.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-43600r1_chk)
If the application does not support multiple personas, this requirement is not applicable. For mobile applications that support multiple personas, conduct a dynamic program analysis to assess the application's ability to identify the source persona. This is primarily achieved by verifying the application enforces known restrictions on inter-persona transfers. If the dynamic program analysis cannot be performed or is inconclusive, perform a static program analysis to assess if code is present that will support the application's ability to identify the source persona in such scenarios. If the dynamic program analysis and/or static program analysis conclude that the application does not identify the source persona when transferring data from one persona to another, this is a finding.
Fix Text (F-39774r1_fix)
Modify code to identify the source persona when data is transferred from one persona to another.
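An added illustration of the pattern the fix text calls for, written for this page rather than taken from the STIG or from any particular application: every payload carries the persona that produced it, and the transfer filter fails closed whenever that source tag is missing or the persona pair is not explicitly permitted. The Persona values, the TaggedData type, the allow-list and the audit log are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Set, Tuple


class Persona(Enum):
    """Constructed persona labels; a real device may define more."""
    DOD = "dod"
    PERSONAL = "personal"


@dataclass(frozen=True)
class TaggedData:
    """Payload plus the persona it originated in (hypothetical structure).

    source is None when the origin was never recorded; the filter below
    treats that as unidentified and refuses to move the data anywhere.
    """
    payload: bytes
    source: Optional[Persona]


# Constructed allow-list of (source, destination) pairs. Leaving it empty
# means no inter-persona transfer is permitted until policy adds a pair.
ALLOWED_TRANSFERS: Set[Tuple[Persona, Persona]] = set()

# Every decision is recorded so dynamic analysis (the check text) and
# incident responders can see which transfers were attempted and why.
AUDIT_LOG: List[str] = []


def authorize_transfer(data: TaggedData, destination: Persona,
                       allowed: Set[Tuple[Persona, Persona]] = ALLOWED_TRANSFERS
                       ) -> Tuple[bool, str]:
    """Return (permitted, reason); identifies the source persona first."""
    if data.source is None:
        decision = (False, "denied: source persona not identified")
    elif data.source == destination:
        # Movement inside one persona is not an inter-persona transfer.
        decision = (True, f"allowed: stays within {destination.value}")
    elif (data.source, destination) in allowed:
        decision = (True, f"allowed: {data.source.value}->{destination.value} listed")
    else:
        # Covers both directions between a DoD persona and any other persona.
        decision = (False, f"denied: {data.source.value}->{destination.value} not permitted")
    AUDIT_LOG.append(f"transfer to {destination.value}: {decision[1]}")
    return decision
```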