The LG Android 5.0 platform must be configured to enable CC Mode.

From LG Android 5.x Interim Security Configuration Guide

Part of PP-MDF-991000

Associated with: CCI-000366

SV-73271r1_rule The LG Android 5.0 platform must be configured to enable CC Mode.

Vulnerability discussion

CC mode implements several security controls required by the Mobile Device Functional Protection Profile (MDFPP). If CC mode is not implemented, DoD data is more at risk of being compromised, and the MD is more at risk of being compromised if lost or stolen.CC mode implements the following controls:1. Certificate ValidationLG provides Certificate validation feature for all certificates to protect your secure connection from spoofing and invalid certificates. This capability can be automatically configured by enabling CC Mode. 2. Firmware Update ProtectionExcept secure update verified by RSA (2048bit) algorithm and SHA256 for hash, unsecured firmware update methods is restricted in CC mode. 3. Self-test for crypto librariesIf the CC Mode is enabled, self-tests for crypto libraries are automatically started at bootup time. 4. Restriction of TLS cipher suitesLimited cipher suites can be selectable in the CC mode.SFR ID: FMT_SMF.1.1 #42

Check content

This validation procedure is performed on the MDM Administration Console only. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "CC Mode" setting in the MDM console. 2. Verify the setting for the CC mode is set and the device is enrolled on the MDM. If the "Set CC Mode" setting is disabled on the MDM console, this is a finding.

Fix text

Configure the mobile device to enable CC Mode. On the MDM Administration Console, set the "CC Mode".

Pro Tips

Powered by sagemincer