Title

Malicious code protection applications must update malicious code protection mechanisms only when directed by a privileged user. (Cat II impact)

Discussion

Malicious code protection software must be protected to prevent a non-privileged user or malicious piece of software from manipulating the protection update mechanism. Malicious code includes, viruses, worms, Trojan horses, and Spyware. Rationale for non-applicability: Malicious code protections are implemented by the mobile operating system in conjunction with an MDM. Mobile applications within the scope of the SRG have no relationship to this functionality.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46995r1_rule

Vulnerability ID: V-35708

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.