An error occurred:

Check: ARWA-02-000184

AirWatch MDM STIG: ARWA-02-000184 (in version v1 r3)

Title

The AirWatch MDM Server must configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or AirWatch MDM Server). (Cat II impact)

Discussion

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.

Check Content

Review the AirWatch MDM Server configuration to ensure the AirWatch MDM Server can configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or AirWatch MDM Server). If this function is not present, this is a finding. Note that the following should take place in conjunction with application blacklisting/whitelisting as noted in applicable items within this STIG and the document: "AirWatch Mobile Application Management Guide", page 35, "Enforcing Application Security and Compliance", describing Application blacklisting/whitelisting and deployment control. To verify applications assigned to mobile devices: (1) In administration console click on "Menu" in top tool bar, and (2) click on "Applications" under "Catalog" heading. (3) Using tabs on top toolbar Administrator can choose "Internal", "Public", or "Purchased" applications, and verify applications assigned to devices.

Fix Text

Configure the AirWatch MDM Server so the mobile device agent is configured to prohibit the download of software from a DoD non-approved source. For Administration console: (1) In administration console click on "Menu" in top tool bar, and (2) click on "Applications" under "Catalog" heading. (3) Using tabs on top toolbar Administrator can choose "Internal", "Public", or "Purchased" applications, (4) load or search for application and, (5) assign to devices.

Additional Identifiers

Rule ID: SV-60197r1_rule

Vulnerability ID: V-47325

Group Title: SRG-APP-135-MDM-149-MDM

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000370

Manage configuration settings for organization-defined system components using organization-defined automated mechanisms.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6(1)

Automated Central Management / Application / Verification