Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35469 | SRG-APP-000171-MAPP-NA | SV-46756r1_rule | Medium |
Description |
---|
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not require user authentication for local applications. In the case of mobile applications that connect to remote servers, the password should be stored on the remote server in an encrypted format and not on the local device. Accordingly, there are no stored passwords that require encryption |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text ( C-43820r1_chk ) |
---|
This requirement is NA for the MAPP SRG. |
Fix Text (F-40009r1_fix) |
---|
The requirement is NA. No fix is required. |