The application must establish a trusted communications path between the user and organization-defined security functions within the information system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35517	SRG-APP-000191-MAPP-NA	SV-46804r1_rule		Medium

Description
The application user interface must provide an unspoofable and faithful communication channel between the user and any entity trusted to manipulate authorities on the user's behalf. A trusted path shall be employed for high-confidence connections between the security functions of the information system and the user (e.g., for login). Rationale for non-applicability: This control is required in the MOS SRG. The operating system provides the only means to establish trusted communications paths internal to a mobile device because the operating system can always act as a man-in-the-middle to any application control.

Description

The application user interface must provide an unspoofable and faithful communication channel between the user and any entity trusted to manipulate authorities on the user's behalf. A trusted path shall be employed for high-confidence connections between the security functions of the information system and the user (e.g., for login). Rationale for non-applicability: This control is required in the MOS SRG. The operating system provides the only means to establish trusted communications paths internal to a mobile device because the operating system can always act as a man-in-the-middle to any application control.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43857r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40058r1_fix)
The requirement is NA. No fix is required.