Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25842 | WIR-MOS-AND-043 | SV-35001r1_rule | DCPR-1 PESP-1 | Medium |
Description |
---|
Strong configuration management of applications on a smartphone is a key malware control. Most smartphones must have individual commercial web portal (e.g., iTunes, Android Market, etc.) accounts and be connected to the commercial App Store to provision the smartphone. A DoD user can jailbreak a smartphone and bypass smartphone application and malware controls. To ensure strong configuration management of the security baseline of the smartphone, all software loading should be done by the SA. |
STIG | Date |
---|---|
Android 2.2 (Dell) Security Technical Implementation Guide | 2014-08-26 |
Check Text ( C-34877r1_chk ) |
---|
All smartphone provisioning and updates are under the control of the site Android device System Administrator (SA). Interview the site IAO and Android device SA. Verify the site has a procedure for initial provisioning and subsequent updates of site managed Android devices. Review the site procedure and verify they follow the procedures found in the STIG Overview document. Mark as a finding if these procedures are not followed. |
Fix Text (F-28707r1_fix) |
---|
Set up local operating procedures for initial provisioning and subsequent software and application updates according to procedures published in the STIG/ISCG Overview document. |