S/MIME must be installed on mobile device, so users can sign/encrypt email


Overview

Finding ID: V-24983
Version: WIR-MOS-iOS-003
Rule ID: SV-30782r2_rule
IA Controls: ECSC-1
Severity: Medium
Description
S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and are required by DoD policy. Without S/MIME, users will not be able to read encrypted email or encrypt email containing sensitive information.
STIG: Apple iOS 6 Interim Security Configuration Guide (ISCG)
Date: 2013-01-17

Details

Check Text (C-31198r9_chk)
Launch the mobile email client and verify S/MIME is installed in the client. The exact procedures will depend on which mobile email product is being used.
Mark as a finding if the mobile email client does not have S/MIME configured.

If the mobile email client does not have S/MIME configuration settings that can be viewed on the device, try to send a signed encrypted message to a known recipient and verify the recipient can decrypt and verify the digital signature. Mark as a finding if you are unable to send a signed and encrypted message or if the recipient is unable to decrypt and verify the digital signature.
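
For the send-and-verify fallback above, the recipient can first confirm from the raw message source that the test message actually arrived inside an S/MIME envelope. The Python below is an added example, not part of the STIG: the sample messages and addresses are constructed, and it inspects only the outer MIME layer (it does not decrypt anything or validate a signature).

```python
from email import message_from_string

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def _param(msg, name):
    """Return a Content-Type parameter as lowercase text ('' if absent)."""
    value = msg.get_param(name)
    if isinstance(value, tuple):      # RFC 2231 form: (charset, lang, value)
        value = value[2]
    return (value or "").lower()

def smime_wrapper(raw):
    """Classify the outer S/MIME layer of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        kind = _param(msg, "smime-type")
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"        # any signature is inside the envelope
        if kind == "signed-data":
            return "signed-opaque"    # signed, but readable by anyone
        return "pkcs7-unknown"
    if ctype == "multipart/signed" and _param(msg, "protocol") in PKCS7_SIG:
        return "signed-detached"      # clear-signed, not encrypted
    return "none"

# Constructed sample messages (only the headers matter; bodies are placeholders).
ENCRYPTED = (
    "From: tester@example.com\nTo: auditor@example.com\nSubject: S/MIME test\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nPLACEHOLDER\n")
CLEAR_SIGNED = (
    "From: tester@example.com\nTo: auditor@example.com\nSubject: S/MIME test\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: application/pkcs7-signature\n\nPLACEHOLDER\n--b1--\n")
PLAIN = "From: tester@example.com\nSubject: S/MIME test\n\nhello\n"

if __name__ == "__main__":
    for label, raw in [("encrypted", ENCRYPTED), ("clear-signed", CLEAR_SIGNED),
                       ("plain", PLAIN)]:
        print(f"{label:13} -> {smime_wrapper(raw)}")
```

A result other than `encrypted` for the test message means it was not sent encrypted; a result of `encrypted` still requires the recipient to decrypt the message and confirm the digital signature inside it.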

If the Good Technology client is used:
• Log into the iOS device.
• Open the Good application.
• Go to Preferences.
• Verify Smartcard and S/MIME specific settings are listed.

Fix Text (F-27624r5_fix)
Provision the mobile email client with S/MIME so users can digitally sign and encrypt email.