Applications required to be non-modifiable must support organizational requirements to provide components that contain no writeable storage capability. These components must be persistent across restart and/or power on/off.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35635	SRG-APP-000240-MAPP-NA	SV-46922r1_rule		Medium

Description
Organizations may require applications or application components to be non-modifiable or to be stored and executed on non-writeable storage. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Rationale for non-applicability: This control conflicts with a core requirement that mobile applications be modifiable. The primary means for updating the configuration of mobile applications is to replace the entire application.

Description

Organizations may require applications or application components to be non-modifiable or to be stored and executed on non-writeable storage. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Rationale for non-applicability: This control conflicts with a core requirement that mobile applications be modifiable. The primary means for updating the configuration of mobile applications is to replace the entire application.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43978r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40177r1_fix)
The requirement is NA. No fix is required.