Title

The organization must develop procedures for ensuring mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization defined period after the updates/patches are available. (Cat I impact)

Discussion

Patches and fixes to an operating system (OS) or application are necessary elements in maintaining the security posture of a system. If one system has been compromised or exposed to a potential vulnerability, the entire infrastructure is at risk. Patches and fixes can be critical security flaws that have been identified and, without their application, may pose a significant risk to DoD data.

Check Content

Review the organization’s patch procedure and policy to determine if mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices are updated within an organization defined period after the updates/patches are available. If the organization is not updating or patching within the organization defined period of time, this is a finding.

Fix Text

Develop procedures to update mobile operating systems, mobile applications, and mobile device management agents on managed mobile devices within the organization defined period after the updates or patches are available.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35987

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.