UCF STIG Viewer Logo

The mobile operating system must employ a DoD-approved anti-malware protections.


Finding ID Version Rule ID IA Controls Severity
V-32716 WIR-MOS-iOS-65-15 SV-43062r2_rule ECVP-1 High
In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can result in the disclosure of sensitive information or cause a denial of service. Anti-virus applications are not common on mobile operating systems but one or more methods to mitigate the risk of malware must be in place to protect DoD information and networks.
Apple iOS6 Security Technical Implementation Guide 2014-10-07


Check Text ( C-41076r5_chk )
The method for meeting this requirement using an iOS device is by implementing MDIS and MAM servers in the system architecture.

Verify the site has implemented both the MDIS and MAM servers by reviewing system documentation and interviewing the IAO and verify the MDIS and MAM agents are installed on a sample (3-4) of site-managed devices.

Mark as a finding if an MDIS and MAM server are not installed in the system architecture.
Fix Text (F-36611r2_fix)
Install MDIS and MAM servers in the system architecture.