The application must prevent non-privileged users from circumventing malicious code protection capabilities.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35707	SRG-APP-000273-MAPP-NA	SV-46994r1_rule		Medium

Description
Malicious code protection software must be protected so as to prevent a non-privileged user or malicious piece of software from disabling the protection mechanism. A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it. Malicious code includes, viruses, worms, Trojan horses, and Spyware. Examples include the capability for non-administrative user's to turn off or otherwise disable anti-virus. Rationale for non-applicability: Malicious code protections are implemented by the mobile operating system in conjunction with an MDM. Mobile applications within the scope of the SRG have no relationship to this functionality.

Description

Malicious code protection software must be protected so as to prevent a non-privileged user or malicious piece of software from disabling the protection mechanism. A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it. Malicious code includes, viruses, worms, Trojan horses, and Spyware. Examples include the capability for non-administrative user's to turn off or otherwise disable anti-virus. Rationale for non-applicability: Malicious code protections are implemented by the mobile operating system in conjunction with an MDM. Mobile applications within the scope of the SRG have no relationship to this functionality.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-44050r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40250r1_fix)
The requirement is NA. No fix is required.