Check: SRG-APP-000190-MAPP-00037
Mobile Application SRG:
SRG-APP-000190-MAPP-00037
(in version v1 r1)
Title
The mobile application must close opened network ports at the end of the application session or after an organization defined time period of inactivity. (Cat III impact)
Discussion
Ports that are not closed upon termination of an application or following a pre-defined period of inactivity leave the device vulnerable to attacks that exploit ports that remain open. As an example, wireless interfaces such as Wi-Fi and Bluetooth are both vulnerable to an adversary in a war driving scenario. In this event, the unauthorized user has the potential to access the device, compromising the security posture of the stored data. Applying this control assures that threats from malicious exploitation of open and unprotected ports, which can lead to data integrity and confidentiality risks, are mitigated.
Check Content
Perform a documentation review to assess if the application is in compliance with DoD PPSM related guidance. If the documentation review was inconclusive, perform a dynamic program analysis to assess if the application will close ports after an application has terminated a session, or after an organizationally defined time period. This may include the use of port scanners or protocol analyzers. Next, perform a static program analysis to assess if code is present and able to be executed that scans the status of ports used by the application. The code must be able to identify all ports used and force a port closure following termination of the mobile application session. Termination of the application can be either through user action or an unexpected crash. Code must also be present that detects a period of user inactivity that will also force a closure of all ports. If the documentation, dynamic program analysis or static program analysis reveals that ports are not closed either automatically following a session's termination or following a predefined timeout period, this is a finding.
Fix Text
Modify code to close network ports when the application closes or after a period of inactivity.
Additional Identifiers
Rule ID: SV-46803r1_rule
Vulnerability ID: V-35516
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001133 | The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
SC-10 | Network Disconnect |