Title

The mobile application must store an associated data attribute corresponding to the highest classification of data in the file it stores classified data. (Cat I impact)

Discussion

A classification attribute assures the data is correctly handled and processed according to its sensitivity. If the classification attribute is missing, then there is risk to data misclassification which could result in a data spill. This control greatly reduces the risk of misclassification that can result in data leaks and spillage.

Check Content

For applications that store a single classification of data or have multiple personas, this check does not apply. For applications that store classified data, perform a static program analysis of the application software to assess if the highest data classification attribute is automatically or manually created. If the supporting code is not present, this is a finding.

Fix Text

Modify code to enable the creation and storage of a highest data classification attribute.

Additional Identifiers

Rule ID: SV-46370r1_rule

Vulnerability ID: V-35083

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.