Applications must ensure that PKI-based authentication maps the authenticated identity to the user account.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35475	SRG-APP-000177-MAPP-NA	SV-46762r1_rule		Medium

Description
The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. Rationale for non-applicability: This SRG does not apply to mobile applications that perform server functions. Therefore, the mobile application would never map an identity to a user account. If the mobile application connects to a remote enterprise application requiring PKI authentication, then the remote application will perform the requisite mapping.

Description

The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. Rationale for non-applicability: This SRG does not apply to mobile applications that perform server functions. Therefore, the mobile application would never map an identity to a user account. If the mobile application connects to a remote enterprise application requiring PKI authentication, then the remote application will perform the requisite mapping.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43827r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40016r1_fix)
The requirement is NA. No fix is required.