Title

Mitigation actions identified by Mobile OS device integrity tool scans on site managed Mobile OS devices must be implemented. (Cat II impact)

Discussion

If mitigation actions identified by the Mobile OS device integrity tool are not implemented, DoD data and the enclave could be at risk of being compromised.

Check Content

Determine if mitigation actions recommended by the Android device integrity validation tool, based on scanning results, have been implemented by the site. Interview the IAO and Android Administrator. Review the tool scanning results of the tool that were conducted over the previous 6 months that the site has on file. Select 4-5 site managed Android devices to review. -For each device, have the Android device Administrator show scan logs for each device for the past several months. Find several scans that have identified compromising events, if available. Determine if the site completed recommended mitigation actions. Mark as a finding if mitigation actions were not completed. Note: It is recommended that the site establish a procedure for recording mitigation actions competed for each site managed device.

Fix Text

Implement required mitigation actions.

Additional Identifiers

Rule ID: SV-39870r1_rule

Vulnerability ID: V-30250

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.