The organization must maintain results and mitigation actions, from CMD integrity validation tool scans on site managed mobile devices, for 6 months (one year recommended).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35966 | SRG-MPOL-048 | SV-47282r1_rule | Low |
| Description |
|---|
| Scan results must be maintained, so auditors can verify mitigation actions have been completed, so a scan can be compared to a previous scan, and to determine if there are any security vulnerability trends. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44203r1_chk ) |
|---|
| Verify the security personnel or system administrator is saving records of scan results and mitigation actions for the length of time designated by the site security manager (which must be a minimum of 6 months, one year recommended). If results of scans are not maintained by the site for 6 months, this is a finding. |
| Fix Text (F-40493r1_fix) |
|---|
| Maintain the results and mitigation actions from integrity tool validation scans on CMDs, for at least 6 months. |