Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35653 | SRG-APP-000249-MAPP-NA | SV-46940r1_rule | Medium |
Description |
---|
In regards to boundary controls such as routers and firewalls, examples of restricting and prohibiting communications are: restricting external web traffic only to organizational web servers within managed interfaces and prohibiting external traffic that appears to be spoofing an internal address as the source. Rationale for non-applicability: The mobile operating system provides firewall functionality on mobile devices. The requirement for application sandboxing precludes applications from checking the inbound and outbound traffic of other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text ( C-43995r1_chk ) |
---|
This requirement is NA for the MAPP SRG. |
Fix Text (F-40195r1_fix) |
---|
The requirement is NA. No fix is required. |