| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-26729 | WIR-GMMS-006-02 | SV-33972r2_rule | ECCR-1 | Medium |
**Description**

A security container is required on any device whose mobile OS encryption module is not FIPS 140-2 validated. An approved security container application uses a FIPS 140-2 validated cryptographic module with AES encryption to protect data-at-rest and data-in-transit. If this requirement is not met, malware could be saved in the security container application on the mobile device.
| STIG | Date |
|---|---|
| Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
**Check Text (C-34498r5_chk)**

If the MDM client provides the mobile device security container, use the following procedure to verify the requirement is met:

1. Make a list of all iOS security policies on the MDM server that have been assigned to iOS devices, and review each policy using the following procedure:
   - Have the SA identify STIG-compliant and non-compliant policies on the server:
     - Log into the MDM server console.
     - Click on the Policies tab.
     - View all iOS security policies on the server.
   - Note: STIG-compliant policies should be identified as such in the policy title (for example, `STIG_iOS_Policy`). It is recommended that all non-STIG policies be deleted.
2. Select each security policy that iOS devices are assigned to and, in turn, verify the required settings are in the policy:
   - Note: If there is a finding, record the name of the non-STIG-compliant policy in the Findings Details section in VMS/Component Provided Tracking Database.
   - Launch the MDM console and click on the Policies tab.
   - Select an iOS security policy to review.
   - The exact procedure used to verify the required setting varies by MDM product. For the Good Technology MDM server:
     - Verify "Do not allow data to be copied into the Good application" is checked.

Mark as a finding if copying data from a non-secure data area on the mobile device to inside the security container is not disabled in the security policy.
**Fix Text (F-30028r5_fix)**

In the MDM server security policy implemented on managed mobile devices, disable copying data from outside the security container application on the mobile device to inside the security container application.