Navigate

Check: SRG-MPOL-050

Mobile Policy SRG: SRG-MPOL-050 (in version v1 r2)

Title

The organization must review MDM integrity scan results at least daily. (Cat III impact)

Discussion

If the organization does not review the integrity tool scans, an attacker may not be noticed by the administrator, and gain control of DoD data or compromise the system.

Check Content

Verify a procedure is in place to have mobile OS device integrity tool scans reviewed daily by the system administrator or security personnel, or continuously by a server. If tool scans are not reviewed daily, or continuously by a server, this is a finding.

Fix Text

Review MDM integrity tool scans daily by the system administrator or security personnel, or continuously by a server.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35968

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001334	The organization requires that unclassified mobile devices used in facilities containing information systems processing, storing, or transmitting classified information and the information stored on those devices be subject to random reviews and inspections by organization-defined security officials.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-19 (4)	Restrictions For Classified Information