Check: SRG-APP-000013-MAPP-00008
Mobile Application SRG: SRG-APP-000013-MAPP-00008 (in version v1 r1)
Title
The mobile application must display the classification of the data in human readable form whenever it displays any data to the user of the mobile device if it processes, stores, or transmits classified data. (Cat II impact)
Discussion
Unlabeled, sensitive data could easily be mixed with unclassified data, and misclassified data could be transmitted on a non-secure network. Unless the application informs the user of the sensitivity of any data he or she is working with, the potential exists for a data spillage. This control assures the user is fully aware of the data's classification, which provides greater assurance against it being misclassified and incorrectly handled.
Check Content
For applications that process, store, or transmit classified data, perform a dynamic program analysis to assure that the user is reliably informed in human readable form of the classification of any data that the user works with on the mobile device. If no function exists to display the classification of the data in human readable form whenever it displays any data to the user of the mobile device, this is a finding.
Fix Text
Modify code to create functionality that displays the classification of the data in human readable form whenever it displays any data to the user of the mobile device.
Additional Identifiers
Rule ID: SV-46387r1_rule
Vulnerability ID: V-35100
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001428 | The information system displays security attributes in human-readable form on each object that the system transmits to output devices to identify organization-identified special dissemination, handling, or distribution instructions using organization-identified human-readable, standard naming conventions. |
Controls
Number | Title |
---|---|
AC-16 (5) | Attribute Displays For Output Devices |