Applications functioning in the capacity of a firewall must check incoming communications to ensure the communications are coming from an authorized source and routed to an authorized destination.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35653	SRG-APP-000249-MAPP-NA	SV-46940r1_rule		Medium

Description
In regards to boundary controls such as routers and firewalls, examples of restricting and prohibiting communications are: restricting external web traffic only to organizational web servers within managed interfaces and prohibiting external traffic that appears to be spoofing an internal address as the source. Rationale for non-applicability: The mobile operating system provides firewall functionality on mobile devices. The requirement for application sandboxing precludes applications from checking the inbound and outbound traffic of other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device.

Description

In regards to boundary controls such as routers and firewalls, examples of restricting and prohibiting communications are: restricting external web traffic only to organizational web servers within managed interfaces and prohibiting external traffic that appears to be spoofing an internal address as the source. Rationale for non-applicability: The mobile operating system provides firewall functionality on mobile devices. The requirement for application sandboxing precludes applications from checking the inbound and outbound traffic of other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43995r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40195r1_fix)
The requirement is NA. No fix is required.