Check: SRG-APP-000172-MAPP-NA
Mobile Application SRG:
SRG-APP-000172-MAPP-NA
(in version v1 r1)
Title
The application must support organizational requirements to enforce password encryption for transmission. (Cat II impact)
Discussion
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not have a requirement for user authentication to local applications, which obviates the need for passwords. To the extent the local application facilitates user authentication to a remote application, the remote application can enforce a variety of mechanisms to protect the password, including encryption of passwords using SSL/TLS.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46757r1_rule
Vulnerability ID: V-35470
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000197 | The information system, for password-based authentication, transmits only cryptographically-protected passwords. |
Controls
Number | Title |
---|---|
IA-5 (1) | Password-Based Authentication |