Title

Applications required to be non-modifiable must support organizational requirements to provide components that contain no writeable storage capability. These components must be persistent across restart and/or power on/off. (Cat II impact)

Discussion

Organizations may require applications or application components to be non-modifiable or to be stored and executed on non-writeable storage. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Rationale for non-applicability: This control conflicts with a core requirement that mobile applications be modifiable. The primary means for updating the configuration of mobile applications is to replace the entire application.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46922r1_rule

Vulnerability ID: V-35635

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.