The organization, at the mobile device management (MDM) server site, must verify that local sites, where CMDs are provisioned, issued, and managed, are conducting annual self assessments.

From Mobile Policy Security Requirements Guide

Associated with: CCI-001334

SV-47280r1_rule The organization, at the mobile device management (MDM) server site, must verify that local sites, where CMDs are provisioned, issued, and managed, are conducting annual self assessments.

Vulnerability discussion

The security integrity of the CMD system depends on whether local sites, where CMDs are provisioned and issued, are complying with IA requirements. The risk of both malware being introduced on a handheld device, and of avenues of attack into the enclave being introduced via a CMD, are heightened if IA control procedures are not followed.

Check content

Verify the security personnel of the site where the MDM server is located, is tracking whether local/remote sites (where CMDs are provisioned, issued, and managed) are conducting annual self assessments. Command-level action should be considered for local sites not complying with security requirements for the provisioning, issuance, and managements of CMDs. If required annual self assessments have not been completed by the site, this is a finding.

Fix text

Conduct annual self assessments where CMDs are provisioned, issued, and managed.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.