Title

Mobile OS devices (smartphones / tablets) must have a device integrity validation tool baseline scan on file. (Cat II impact)

Discussion

The purpose of this scan is to determine if there has been an unexplained change in the mobile OS file system indicating the device has been compromised by malware or by rooting the device. A baseline scan provides a known good condition to compare with subsequent scans. A new baseline scan should be completed after the installation or removal of an application.

Check Content

Interview the IAO and Android device Administrator. Verify Fixmo Sentinel baseline scans are on file for all site managed Android devices. Select 4-5 site managed Android devices to review. Have the IAO show the reviewer the baseline scan for each device using Sentinel Desktop or Sentinel server. Mark as a finding if a baseline scan is not available.

Fix Text

Create baseline scans for each site managed mobile device.

Additional Identifiers

Rule ID: SV-40283r1_rule

Vulnerability ID: V-30566

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.