The application must support organizational requirements to enforce password encryption for storage.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35469	SRG-APP-000171-MAPP-NA	SV-46756r1_rule		Medium

Description
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not require user authentication for local applications. In the case of mobile applications that connect to remote servers, the password should be stored on the remote server in an encrypted format and not on the local device. Accordingly, there are no stored passwords that require encryption

Description

Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not require user authentication for local applications. In the case of mobile applications that connect to remote servers, the password should be stored on the remote server in an encrypted format and not on the local device. Accordingly, there are no stored passwords that require encryption

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43820r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40009r1_fix)
The requirement is NA. No fix is required.