
The mobile application must provide integrity protection for the classification attributes bound to the transmitted data if it transmits classified data.


Overview

Finding ID: V-35531
Version: SRG-APP-000204-MAPP-00046
Rule ID: SV-46818r1_rule
IA Controls:
Severity: High
Description
Data classification attributes include the level of classification (e.g., Secret, Top Secret) and any additional handling or program parameters. These attributes are used to ensure classified data is properly handled when transmitted and correctly distributed and stored upon receipt. If integrity checks are not used to detect errors or manipulation of data streams by intruders, there is no way to ensure the integrity of the application data as it traverses the network. The data classification attribute is therefore also subject to manipulation, which could lead to incorrect handling and distribution upon receipt. This control assures that the integrity of the transmitted data's classification attributes is protected, which further mitigates the risks associated with subsequent handling of the data.
STIG Date
Mobile Application Security Requirements Guide 2013-01-04

Details

Check Text (C-43872r1_chk)
For mobile applications that transmit classified data, review the application documentation to assess whether the application supports mechanisms assuring the integrity of transmitted labels and security parameters. If the documentation review is inconclusive or cannot be done, perform a dynamic program analysis of the application by logging in and assessing whether there is support for integrity mechanisms that serve transmission of both incoming and outgoing labels and classification attributes. If the dynamic program analysis cannot be performed or is inconclusive, perform a static program analysis to assess whether code is present that will provide support for integrity mechanisms that serve transmission of both incoming and outgoing labels and classification attributes. If the dynamic program analysis and static program analysis reveal the application does not support integrity mechanisms for any transmitted data or its labels and attributes, this is a finding.
Fix Text (F-40072r1_fix)
Implement integrity mechanisms for transmission of both incoming and outgoing data labels and classification attributes.
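
One way to satisfy the fix text, shown as an added example that is not part of the STIG: a single integrity tag computed over the classification label and the payload together, so neither can be altered or re-paired in transit without detection. HMAC-SHA-256 with a pre-shared key, the label field names, and the message layout are all assumptions of this sketch; the requirement itself does not name a mechanism.

```python
import hashlib
import hmac
import json
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size (mechanism is an assumption, not from the STIG)

def _canonical_label(label: dict) -> bytes:
    # Sorted keys and fixed separators so both ends serialise the label identically.
    return json.dumps(label, sort_keys=True, separators=(",", ":")).encode("utf-8")

def seal(key: bytes, label: dict, payload: bytes) -> bytes:
    """Build a message whose tag covers the label and the payload together."""
    lbl = _canonical_label(label)
    # The length prefix fixes the label/payload boundary, so bytes cannot be
    # shifted from one field to the other without invalidating the tag.
    body = struct.pack(">I", len(lbl)) + lbl + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_sealed(key: bytes, message: bytes) -> tuple[dict, bytes]:
    """Verify the tag first; only then parse and return (label, payload)."""
    if len(message) < 4 + TAG_LEN:
        raise ValueError("message too short")
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: label or data was modified")
    (lbl_len,) = struct.unpack(">I", body[:4])
    if lbl_len > len(body) - 4:
        raise ValueError("malformed label length")
    return json.loads(body[4:4 + lbl_len]), body[4 + lbl_len:]

def demo() -> tuple[bool, bool]:
    key = bytes(range(32))  # constructed demo key; real keys come from key management
    label = {"classification": "SECRET", "handling": ["NOFORN"]}  # constructed sample
    payload = b"constructed sample payload"
    msg = seal(key, label, payload)
    intact = open_sealed(key, msg) == (label, payload)
    # Simulate in-transit modification of the label only (same length, data untouched).
    tampered = msg.replace(b"SECRET", b"UNCLAS", 1)
    try:
        open_sealed(key, tampered)
    except ValueError:
        return intact, True
    return intact, False

if __name__ == "__main__":
    print(demo())
```

The receiver rejects the message before parsing the label, which covers the incoming direction of the requirement; the same `seal` call on send covers the outgoing direction.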