UCF STIG Viewer Logo

The mobile operating system must employ a DoD approved anti-virus application or otherwise prevent a malware application from installing and executing.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32716 WIR-MOS-iOS-65-15 SV-43062r1_rule ECVP-1 High
Description
In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can result in the disclosure of sensitive information or cause a denial of service. Anti-virus applications are not common on mobile operating systems but one or more methods to mitigate the risk of malware must be in place to protect DoD information and networks.
STIG Date
Apple iOS 5 Security Technical Implementation Guide (STIG) 2012-07-20

Details

Check Text ( C-41076r1_chk )
Review system documentation to determine the approach to malware prevention. This may include secure operating system architectures, mandatory access controls, and high-assurance authentication of code. Inspect the operating system to validate the approach has been implemented as claimed. If the approach has not been implemented, or if the implementation is inadequate, this is a finding.
Fix Text (F-36611r1_fix)
Configure the operating system to prevent a malware application from installing and executing.