In some environments, the risk of OTA provisioning may outweigh any convenience benefit it offers. In such cases, the administrator should have the ability to disable OTA provisioning to ensure secure breaches do not occur from use of this technique.
Review system documentation and operating system configuration to determine if the system administrator has the ability to disable OTA provisioning. If the operating system does not support OTA provisioning, this also meets the requirement. If the operating system supports OTA but there is no means for the SA to disable that capability, this is a finding.
Fix Text (F-36601r2_fix)
Disable OTA provisioning if threat conditions warrant this action.