Title

Mobile OS devices (smartphones/tablets) device integrity validation scan interval must be 6 hours or less. (Cat II impact)

Discussion

The purpose of this scan is to determine if there has been an unexplained change in the mobile OS file system that may indicate the device has been compromised by malware or by rooting the device.

Check Content

The scan interval is setup on the device but cannot be verified on the device. Check Procedures: Interview the IAO and Android device Administrator. Select 4-5 Android site managed Android devices to review. -For each device, have the Android device Administrator show scan logs for each device for the previous week. Verify the scans are about 6 hours or less apart. If the scans are not approximately 6 hours apart, mark as a finding. Note: There are several factors that could influence how often the scans are conducted and emailed from the mobile device, including if the device is powered on and if the device has wireless connectivity with the SMTP server. The reviewer should use their best judgment to verify that the majority of the scans received in the previous week for each device being reviewed are about 6 hours or less apart.

Fix Text

Configure the Fixmo Sentinel application to scan site managed Android devices every 6 hours or less.

Additional Identifiers

Rule ID: SV-40286r1_rule

Vulnerability ID: V-30567

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.