Check: SRG-APP-000191-MAPP-NA
Mobile Application SRG: SRG-APP-000191-MAPP-NA (in version v1 r1)
Title
The application must establish a trusted communications path between the user and organization-defined security functions within the information system. (Cat II impact)
Discussion
The application user interface must provide an unspoofable and faithful communication channel between the user and any entity trusted to manipulate authorities on the user's behalf. A trusted path shall be employed for high-confidence connections between the security functions of the information system and the user (e.g., for login).

Rationale for non-applicability: This control is required in the MOS SRG. The operating system provides the only means to establish trusted communications paths internal to a mobile device because the operating system can always act as a man-in-the-middle to any application control.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46804r1_rule
Vulnerability ID: V-35517
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001135 | The information system establishes a trusted communications path between the user and organization-defined security functions within the information system. |
Controls
Number | Title |
---|---|
SC-11 | Trusted Path |