Applications must support organizationally-defined requirements to load and execute from hardware-enforced, read-only media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35640 | SRG-APP-000242-MAPP-NA | SV-46927r1_rule | Medium |
| Description |
|---|
| Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image. Organizations may require the information system to load specified applications from hardware enforced read-only media. Hardware-enforced, read-only media include, CD-R/DVD-R disk drives. Rationale for non-applicability: Given the small form factor of mobile devices and the necessity to minimize the size and number of components, mobile devices are not expected to support read-only media for any application. Even in cases in which this requirement was enforced, it would be as a result of a policy requirement on specialized hardware. There is no technical means for an application to enforce this control as it has no control over the hardware on which it resides. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2013-01-04 |
Details
| Check Text ( C-43982r1_chk ) |
|---|
| This requirement is NA for the MAPP SRG. |
| Fix Text (F-40182r1_fix) |
|---|
| The requirement is NA. No fix is required. |