UCF STIG Viewer Logo

The site must set up local operating procedures for initial provisioning and subsequent software and application updates using the procedures published in the STIG Overview document.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25842 WIR-MOS-AND-043 SV-35001r1_rule DCPR-1 PESP-1 Medium
Description
Strong configuration management of applications on a smartphone is a key malware control. Most smartphones must have individual commercial web portal (e.g., iTunes, Android Market, etc.) accounts and be connected to the commercial App Store to provision the smartphone. A DoD user can jailbreak a smartphone and bypass smartphone application and malware controls. To ensure strong configuration management of the security baseline of the smartphone, all software loading should be done by the SA.
STIG Date
Android 2.2 (Dell) Security Technical Implementation Guide 2014-08-26

Details

Check Text ( C-34877r1_chk )
All smartphone provisioning and updates are under the control of the site Android device System Administrator (SA).
Interview the site IAO and Android device SA.

Verify the site has a procedure for initial provisioning and subsequent updates of site managed Android devices.

Review the site procedure and verify they follow the procedures found in the STIG Overview document.

Mark as a finding if these procedures are not followed.
Fix Text (F-28707r1_fix)
Set up local operating procedures for initial provisioning and subsequent software and application updates according to procedures published in the STIG/ISCG Overview document.