STIGQter: STIG Summary: Mobile Device Policy Security Technical Implementation Guide (STIG) Version: 2 Release: 6 Benchmark Date: 26 Jul 2019

Mobile device software updates must only originate from approved DoD sources.

DISA Rule

SV-30701r5_rule

Vulnerability Number

V-24964

Group Title

Mobile device provisioning-02

Rule Version

WIR-SPP-008-02

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure mobile device software updates originate from DoD sources or approved non-DoD sources only. Users do not accept Over-The-Air (OTA) wireless software updates from non-approved sources.

Check Contents

Detailed Policy Requirements:
Software updates must come from either DoD sources or DoD-approved sources. Mobile device system administrators should push OTA software updates from the MDM server, when this feature is available. Otherwise the site administrator should verify the non-DoD source of the update has been approved by IT management.

Check Procedures:
Interview the ISSO and MDM server system administrator.

- Verify the site mobile device handheld and MDM server administrators are aware of the requirements.

- Determine what procedures are used at the site for installing software updates on site-managed mobile devices.

If the site does not have procedures in place so that users can download software updates from a DoD source or DoD-approved source, this is a finding.

Documentable

False

Severity Override Guidance

Detailed Policy Requirements:
Software updates must come from either DoD sources or DoD-approved sources. Mobile device system administrators should push OTA software updates from the MDM server, when this feature is available. Otherwise the site administrator should verify the non-DoD source of the update has been approved by IT management.

Check Procedures:
Interview the ISSO and MDM server system administrator.

- Verify the site mobile device handheld and MDM server administrators are aware of the requirements.

- Determine what procedures are used at the site for installing software updates on site-managed mobile devices.

If the site does not have procedures in place so that users can download software updates from a DoD source or DoD-approved source, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

3521
