Check: SRG-APP-000204-MAPP-00046
Mobile Application SRG: SRG-APP-000204-MAPP-00046 (in version v1 r1)
Title
The mobile application must provide integrity protection for the classification attributes bound to the transmitted data if it transmits classified data. (Cat I impact)
Discussion
Data classification attributes include the level of classification (e.g., Secret, Top Secret) and additional handling or program parameters if they exist. Data classification attributes are used to ensure classified data is properly handled when transmitted and correctly distributed and stored upon receipt. If integrity checks are not used to detect errors or manipulation of data streams by intruders, there is no way to ensure the integrity of the application data as it traverses the network. The data classification attribute is therefore also subject to manipulation, which could lead to incorrect handling and distribution upon receipt. This control assures that the integrity of the transmitted data's classification attributes is protected, which further mitigates the risks associated with subsequent handling of the data.
Check Content
For mobile applications that transmit classified data, review the application documentation to assess if the application supports mechanisms assuring the integrity of transmitted labels and security parameters. If the documentation review is inconclusive or cannot be done, perform a dynamic program analysis of the application by logging in and assessing if there is support for integrity mechanisms that serve transmission of both incoming and outgoing labels and classification attributes. If the dynamic program analysis cannot be performed or is inconclusive, perform a static program analysis to assess if code is present that will provide support for integrity mechanisms that serve transmission of both incoming and outgoing labels and classification attributes. If the dynamic program analysis and static program analysis reveal the application does not support integrity mechanisms for any transmitted data or its labels and attributes, this is a finding.
Fix Text
Implement integrity mechanisms for transmission of both incoming and outgoing data labels and classification attributes.
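One way such a mechanism can look, as an added example that is not part of the SRG: the sender computes an HMAC-SHA256 tag over the classification attributes and the payload together, and the receiver verifies the tag before acting on the label. The SRG names no specific mechanism; the choice of HMAC, the function names, the message layout and a shared key provisioned out of band are all assumptions of this sketch.

```python
import hashlib
import hmac
import json


class LabelIntegrityError(Exception):
    """Raised when the label/payload binding does not verify."""


def _mac_input(attrs: dict, payload: bytes) -> bytes:
    # Canonical label encoding (sorted keys, fixed separators) so both sides
    # MAC identical bytes; the length prefix keeps the label/payload boundary
    # unambiguous.
    label = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    return len(label).to_bytes(4, "big") + label + payload


def seal(key: bytes, attrs: dict, payload: bytes) -> dict:
    """Sender side: bind the classification attributes to the payload."""
    tag = hmac.new(key, _mac_input(attrs, payload), hashlib.sha256).digest()
    return {"attrs": attrs, "payload": payload.hex(), "tag": tag.hex()}


def open_sealed(key: bytes, msg: dict) -> tuple:
    """Receiver side: verify the binding before trusting the label."""
    try:
        attrs = msg["attrs"]
        if not isinstance(attrs, dict):
            raise TypeError("attrs must be a mapping")
        payload = bytes.fromhex(msg["payload"])
        tag = bytes.fromhex(msg["tag"])
        expected = hmac.new(key, _mac_input(attrs, payload), hashlib.sha256).digest()
    except (KeyError, TypeError, ValueError) as exc:
        raise LabelIntegrityError("malformed message") from exc
    # Constant-time comparison; any change to label or payload fails here.
    if not hmac.compare_digest(expected, tag):
        raise LabelIntegrityError("label or payload modified in transit")
    return attrs, payload


# Constructed sample values, for illustration only.
KEY = bytes(range(32))
ATTRS = {"classification": "SECRET", "handling": ["NOFORN"]}
SEALED = seal(KEY, ATTRS, b"constructed sample payload")
```

Because the tag covers the label and the payload as one unit, a label cannot be downgraded or moved onto different data without failing verification. During static analysis, a code path that parses and uses the attributes before a check of this kind is the thing to look for.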
Additional Identifiers
Rule ID: SV-46818r1_rule
Vulnerability ID: V-35531
CCIs
Number | Definition |
---|---|
CCI-001158 | Verify the integrity of transmitted security attributes. |
Controls
Number | Title |
---|---|
SC-16(1) | Integrity Validation |