While mobile applications primarily rely on mobile operating system (MOS) security controls, a mobile application may contain security functions that enable the device and user to operate in a secure manner. For example, the mobile application may operate its own cryptographic modules for data at rest and data in transit. If a security function that would normally encrypt data at rest or data in motion, or perform some other security measure, is not present, then all data, the device, and the network are at risk of exposure and intrusion by a malicious, unauthorized user. This measure mitigates DoD risk and exposure to compromise caused by failed or disabled security modules weakening the security posture of the device. When the application shuts down, it must cease running and not just deny services to a user. Other organization-defined response actions might include writing an entry to the audit log, notifying the user, or limiting access to particular application features, such as the ability to export data.
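The sketch below is an added example, not part of the original requirement text. It runs known-answer self-tests on an application's own cryptographic functions and applies the response actions named above. The `App` class, the `"shutdown"`/`"restrict"` policy names and the `audit` logger are hypothetical, and Python stands in for the mobile platform's language.

```python
import hashlib, hmac, logging, sys

audit = logging.getLogger("audit")  # hypothetical audit-log sink

# Known answers: SHA-256("abc") from FIPS 180-4; HMAC-SHA256 from RFC 4231 test case 2.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
HMAC_JEFE = "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"

def kat_sha256(digest=hashlib.sha256):
    return hmac.compare_digest(digest(b"abc").hexdigest(), SHA256_ABC)

def kat_hmac(digest=hashlib.sha256):
    mac = hmac.new(b"Jefe", b"what do ya want for nothing?", digest).hexdigest()
    return hmac.compare_digest(mac, HMAC_JEFE)

SELF_TESTS = {"sha256": kat_sha256, "hmac-sha256": kat_hmac}

def run_self_tests(tests=SELF_TESTS):
    """Return the names of failed tests; a test that raises counts as failed."""
    failed = []
    for name, test in tests.items():
        try:
            ok = test() is True
        except Exception:
            ok = False  # a broken or missing module must not pass silently
        if not ok:
            failed.append(name)
    return failed

class App:
    def __init__(self, policy="shutdown", terminate=sys.exit, notify=print):
        self.policy, self.terminate, self.notify = policy, terminate, notify
        self.export_enabled = False  # deny by default until self-tests pass

    def start(self, tests=SELF_TESTS):
        failed = run_self_tests(tests)
        if not failed:
            self.export_enabled = True
            return True
        audit.error("security function self-test failed: %s", ",".join(failed))
        self.notify("Security check failed: " + ", ".join(failed))
        if self.policy == "shutdown":
            self.terminate(1)  # cease running, not just deny service
        return False  # "restrict" policy: keep running with export disabled
```
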