Check: SRG-APP-000045-MAPP-00014
Mobile Application SRG:
SRG-APP-000045-MAPP-00014
(in version v1 r1)
Title
When the mobile application supports multiple personas (e.g., DoD work and non-DoD personal or public), the mobile application must implement or incorporate policy filters that constrain data objects and structure attributes according to organizational security policy statements. (Cat II impact)
Discussion
Transferring data between personas, such as DoD, non-DoD, personal or public, exposes the data both to accidental disclosure and to a malicious intruder who gains access to the device or application through the least-secure domain. On a dual persona device that supports both personal and DoD use, a user operating in the personal persona could access DoD data, which is a violation of security policy unless the data is authorized for such transfer. This control mitigates the risk of unauthorized disclosure of sensitive DoD data by incorporating policy that prevents the user from transferring data between domains inadvertently; an authorized transfer proceeds only when the user deliberately chooses it, fully aware of the action being taken.
Check Content
For mobile applications that support multiple personas, perform one or more of the following:

Conduct a dynamic program analysis to assess the application's ability to:
- identify data that is authorized for inter-domain transfer.
- grant the transfer of that authorized data.
- prevent inter-domain transfer of data that is not authorized for such transfer.

If the dynamic program analysis cannot be performed or is inconclusive, perform a static program analysis to assess whether code is present that supports the application's ability to identify data authorized for inter-domain transfer. The review must also identify code that prevents the inter-domain transfer of data that is not authorized for such transfer.

The mobile application may also leverage available mobile operating system (MOS) or virtualization services that enforce persona separation to achieve compliance.

If the dynamic and/or static program analysis concludes that data authorized for inter-domain transfer cannot be identified, this is a finding.

If the dynamic and/or static program analysis concludes that data transfer between domains is always permitted, this is a finding.

If the dynamic and/or static program analysis reveals that there is no ability to discern authorized from unauthorized data for inter-domain transfer, this is a finding.
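The three capabilities the check looks for (identify authorized data, grant its transfer, refuse everything else) map onto a small, deny-by-default policy filter. The following is an added reference model written for this page; it is not code from the SRG, from DISA, or from any vendor's mobile application. The persona names, the data kinds and attribute lists in TRANSFER_POLICY, and the sample objects are hypothetical and constructed for illustration. The filter enforces the "fully enumerated format" idea from CCI-001372 by releasing only the attributes the policy lists, fails closed on unlabeled data or unlisted directions, and requires an explicit user confirmation before an authorized transfer proceeds.

```python
"""Persona-aware transfer policy filter (illustrative model, not a real product)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Any


class Persona(Enum):
    DOD = "dod"
    PERSONAL = "personal"


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class DataObject:
    kind: str                    # e.g. "contact", "document" (hypothetical kinds)
    origin: Persona | None       # persona that owns the data; None = unlabeled
    attributes: dict[str, Any]


# Hypothetical organizational policy: each authorized transfer direction
# enumerates the data kinds that may cross and, per kind, the exact set of
# attributes permitted to leave.  Any direction, kind or attribute that is
# not listed here is denied (deny by default).
TRANSFER_POLICY: dict[tuple[Persona, Persona], dict[str, frozenset[str]]] = {
    (Persona.DOD, Persona.PERSONAL): {
        "contact": frozenset({"display_name", "office_phone"}),
    },
    (Persona.PERSONAL, Persona.DOD): {
        "contact": frozenset({"display_name", "mobile_phone", "email"}),
        "photo": frozenset({"jpeg_bytes"}),
    },
}


@dataclass
class FilterResult:
    decision: Decision
    reason: str
    released: DataObject | None = None   # filtered copy, only on ALLOW


def is_transfer_authorized(obj: DataObject, destination: Persona) -> bool:
    """Capability 1: identify data that is authorized for inter-domain transfer.

    Unlabeled objects and same-persona moves are never 'authorized inter-domain
    transfers'; only directions and kinds enumerated in the policy qualify."""
    if obj.origin is None or obj.origin == destination:
        return False
    return obj.kind in TRANSFER_POLICY.get((obj.origin, destination), {})


def filter_transfer(obj: DataObject, destination: Persona,
                    user_confirmed: bool) -> FilterResult:
    """Capabilities 2 and 3: grant an authorized transfer in its enumerated
    format, and refuse everything else."""
    if obj.origin is None:
        # Fail closed: without a persona label the policy cannot be evaluated.
        return FilterResult(Decision.DENY, "unlabeled object; origin persona unknown")
    if obj.origin == destination:
        # No domain boundary is crossed, so the inter-domain filter does not apply.
        return FilterResult(Decision.ALLOW, "same persona; no inter-domain filter", obj)
    if not is_transfer_authorized(obj, destination):
        return FilterResult(
            Decision.DENY,
            f"{obj.kind!r} not authorized for {obj.origin.value} -> {destination.value}")
    if not user_confirmed:
        # Authorized data still needs a deliberate, informed user action.
        return FilterResult(Decision.DENY, "explicit user confirmation required")

    allowed = TRANSFER_POLICY[(obj.origin, destination)][obj.kind]
    released = {k: v for k, v in obj.attributes.items() if k in allowed}
    stripped = sorted(set(obj.attributes) - allowed)
    # The released copy is relabeled to the destination persona: it now lives there.
    return FilterResult(
        Decision.ALLOW,
        f"released {sorted(released)}; stripped {stripped}",
        DataObject(obj.kind, destination, released))


# Constructed sample objects (not real data).
DOD_CONTACT = DataObject("contact", Persona.DOD, {
    "display_name": "J. Doe", "office_phone": "555-0100", "clearance": "S"})
DOD_DOCUMENT = DataObject("document", Persona.DOD, {"body": "meeting notes"})
UNLABELED = DataObject("contact", None, {"display_name": "Unknown"})
PERSONAL_PHOTO = DataObject("photo", Persona.PERSONAL, {
    "jpeg_bytes": b"\xff\xd8\xff\xe0", "gps": (38.87, -77.05)})


if __name__ == "__main__":
    for obj, dest, ok in [(DOD_CONTACT, Persona.PERSONAL, True),
                          (DOD_CONTACT, Persona.PERSONAL, False),
                          (DOD_DOCUMENT, Persona.PERSONAL, True),
                          (UNLABELED, Persona.PERSONAL, True),
                          (PERSONAL_PHOTO, Persona.DOD, True)]:
        r = filter_transfer(obj, dest, ok)
        print(f"{obj.kind:9s} -> {dest.value:9s} {r.decision.value:5s} {r.reason}")
```

Against the check, the model shows what each finding looks like in code: if `is_transfer_authorized` had no policy table to consult, authorized data could not be identified; if `filter_transfer` returned ALLOW for every cross-persona call, transfer would always be permitted; and if the two functions did not distinguish enumerated kinds from everything else, there would be no ability to discern authorized from unauthorized data. Note that the GPS attribute on the personal photo and the clearance attribute on the DoD contact are stripped rather than carried across, which is the enumerated-format constraint the CCI describes.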
Fix Text
Modify code or operating system configuration to prohibit the transfer of identified unauthorized data between domains.
Additional Identifiers
Rule ID: SV-46495r1_rule
Vulnerability ID: V-35208
Group Title:
CCIs
Number | Definition
---|---
CCI-001372 | The information system, when transferring information between different security domains, implements organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content.
Controls
Number | Title
---|---
AC-4 (14) | Security Policy Filter Constraints