kriterion 0.0.1

Files changed (564) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +2 -0
  3. data/.ruby-version +1 -0
  4. data/.travis.yml +5 -0
  5. data/Dockerfile +18 -0
  6. data/Gemfile +12 -0
  7. data/Gemfile.lock +62 -0
  8. data/LICENSE.txt +21 -0
  9. data/README.md +58 -0
  10. data/Rakefile +6 -0
  11. data/bin/setup +8 -0
  12. data/bin/update_stigs.rb +42 -0
  13. data/criterion.gemspec +31 -0
  14. data/docker-compose.yml +14 -0
  15. data/exe/kriterion +16 -0
  16. data/lib/kriterion.rb +16 -0
  17. data/lib/kriterion/api.rb +27 -0
  18. data/lib/kriterion/backend.rb +13 -0
  19. data/lib/kriterion/backend/mongodb.rb +235 -0
  20. data/lib/kriterion/cli.rb +28 -0
  21. data/lib/kriterion/cli/api.rb +35 -0
  22. data/lib/kriterion/cli/worker.rb +35 -0
  23. data/lib/kriterion/event.rb +36 -0
  24. data/lib/kriterion/item.rb +42 -0
  25. data/lib/kriterion/logs.rb +14 -0
  26. data/lib/kriterion/metrics.rb +22 -0
  27. data/lib/kriterion/object.rb +50 -0
  28. data/lib/kriterion/report.rb +69 -0
  29. data/lib/kriterion/resource.rb +60 -0
  30. data/lib/kriterion/section.rb +32 -0
  31. data/lib/kriterion/standard.rb +65 -0
  32. data/lib/kriterion/version.rb +3 -0
  33. data/lib/kriterion/worker.rb +280 -0
  34. data/standards/cis_red_hat_enterprise_linux_7.json +34 -0
  35. data/standards/stig_a10_networks_adc_alg.json +209 -0
  36. data/standards/stig_a10_networks_adc_ndm.json +233 -0
  37. data/standards/stig_active_directory_domain.json +257 -0
  38. data/standards/stig_active_directory_forest.json +41 -0
  39. data/standards/stig_active_directory_service_2003.json +173 -0
  40. data/standards/stig_active_directory_service_2008.json +167 -0
  41. data/standards/stig_adobe_acrobat_pro_xi.json +167 -0
  42. data/standards/stig_adobe_acrobat_reader_dc_classic_track.json +179 -0
  43. data/standards/stig_adobe_acrobat_reader_dc_continuous_track.json +179 -0
  44. data/standards/stig_adobe_coldfusion_11.json +611 -0
  45. data/standards/stig_airwatch_mdm.json +185 -0
  46. data/standards/stig_aix_5.3.json +3095 -0
  47. data/standards/stig_aix_6.1.json +3047 -0
  48. data/standards/stig_akamai_ksd_service_impact_level_2_alg.json +209 -0
  49. data/standards/stig_akamai_ksd_service_impact_level_2_ndm.json +155 -0
  50. data/standards/stig_android_2.2_dell.json +311 -0
  51. data/standards/stig_apache_2.2_serverwindows.json +347 -0
  52. data/standards/stig_apache_2.2_sitewindows_security_implementation_guide.json +179 -0
  53. data/standards/stig_apache_server_2.0unix.json +341 -0
  54. data/standards/stig_apache_server_2.0windows.json +341 -0
  55. data/standards/stig_apache_server_2.2unix.json +347 -0
  56. data/standards/stig_apache_server_2.2windows.json +347 -0
  57. data/standards/stig_apache_site_2.0unix.json +185 -0
  58. data/standards/stig_apache_site_2.0windows.json +179 -0
  59. data/standards/stig_apache_site_2.2unix.json +185 -0
  60. data/standards/stig_apache_site_2.2windows.json +179 -0
  61. data/standards/stig_apple_ios6.json +341 -0
  62. data/standards/stig_apple_ios_10.json +245 -0
  63. data/standards/stig_apple_ios_11.json +269 -0
  64. data/standards/stig_apple_ios_4_good_mobility_suite_interim_security_configuration_guide_iscg.json +257 -0
  65. data/standards/stig_apple_ios_5.json +329 -0
  66. data/standards/stig_apple_ios_6.json +335 -0
  67. data/standards/stig_apple_ios_6_interim_security_configuration_guide_iscg.json +371 -0
  68. data/standards/stig_apple_ios_7.json +185 -0
  69. data/standards/stig_apple_ios_8_interim_security_configuration_guide.json +251 -0
  70. data/standards/stig_apple_ios_9_interim_security_configuration_guide.json +245 -0
  71. data/standards/stig_apple_os_x_10.10_yosemite_workstation.json +851 -0
  72. data/standards/stig_apple_os_x_10.11.json +725 -0
  73. data/standards/stig_apple_os_x_10.12.json +737 -0
  74. data/standards/stig_apple_os_x_10.8_mountain_lion_workstation.json +1241 -0
  75. data/standards/stig_apple_os_x_10.9_mavericks_workstation.json +809 -0
  76. data/standards/stig_application_layer_gateway_alg_security_requirements_guide_srg.json +911 -0
  77. data/standards/stig_application_layer_gateway_security_requirements_guide.json +911 -0
  78. data/standards/stig_application_security_and_development.json +1745 -0
  79. data/standards/stig_application_security_and_development_checklist.json +959 -0
  80. data/standards/stig_application_security_requirements_guide.json +1961 -0
  81. data/standards/stig_application_server_security_requirements_guide.json +791 -0
  82. data/standards/stig_arcgisserver_10.3.json +143 -0
  83. data/standards/stig_arista_mls_dcs-7000_series_l2s.json +53 -0
  84. data/standards/stig_arista_mls_dcs-7000_series_ndm.json +197 -0
  85. data/standards/stig_arista_mls_dcs-7000_series_rtr.json +143 -0
  86. data/standards/stig_bind_9.x.json +431 -0
  87. data/standards/stig_bind_dns.json +317 -0
  88. data/standards/stig_blackberry_10.2.x_os.json +179 -0
  89. data/standards/stig_blackberry_10_os.json +227 -0
  90. data/standards/stig_blackberry_bes_12.3.x_mdm.json +65 -0
  91. data/standards/stig_blackberry_bes_12.5.x_mdm.json +65 -0
  92. data/standards/stig_blackberry_device_service_6.2.json +425 -0
  93. data/standards/stig_blackberry_enterprise_mobility_server_2.x.json +149 -0
  94. data/standards/stig_blackberry_enterprise_server,_part_1.json +35 -0
  95. data/standards/stig_blackberry_enterprise_server,_part_2.json +155 -0
  96. data/standards/stig_blackberry_enterprise_server,_part_3.json +647 -0
  97. data/standards/stig_blackberry_enterprise_server_version_5.x,_part_1.json +35 -0
  98. data/standards/stig_blackberry_enterprise_server_version_5.x,_part_2.json +155 -0
  99. data/standards/stig_blackberry_enterprise_server_version_5.x,_part_3.json +653 -0
  100. data/standards/stig_blackberry_enterprise_service_v10.1.x_blackberry_device_service.json +317 -0
  101. data/standards/stig_blackberry_enterprise_service_v10.2.x_blackberry_device_service.json +263 -0
  102. data/standards/stig_blackberry_handheld_device.json +125 -0
  103. data/standards/stig_blackberry_os_10.3.x.json +257 -0
  104. data/standards/stig_blackberry_os_7.x.json +107 -0
  105. data/standards/stig_blackberry_os_7.x.x.json +101 -0
  106. data/standards/stig_blackberry_os_version_5-7.json +107 -0
  107. data/standards/stig_blackberry_playbook.json +65 -0
  108. data/standards/stig_blackberry_playbook_os_nea_mode.json +65 -0
  109. data/standards/stig_blackberry_playbook_os_v2.1.json +197 -0
  110. data/standards/stig_blackberry_uem_12.7.json +59 -0
  111. data/standards/stig_bluetoothzigbee.json +35 -0
  112. data/standards/stig_ca_api_gateway_alg.json +497 -0
  113. data/standards/stig_cisco_css_dns.json +71 -0
  114. data/standards/stig_cisco_ios_xe_release_3_ndm.json +395 -0
  115. data/standards/stig_cisco_ios_xe_release_3_rtr.json +149 -0
  116. data/standards/stig_cmd_management_server_policy.json +53 -0
  117. data/standards/stig_commercial_mobile_device_cmd_policy.json +83 -0
  118. data/standards/stig_csfc_campus_wlan_policy_security_implementation_guide.json +95 -0
  119. data/standards/stig_database_security_requirements_guide.json +767 -0
  120. data/standards/stig_dbn-6300_idps.json +107 -0
  121. data/standards/stig_dbn-6300_ndm.json +359 -0
  122. data/standards/stig_defense_switched_network.json +683 -0
  123. data/standards/stig_defense_switched_network_dsn.json +653 -0
  124. data/standards/stig_desktop_applications_general.json +41 -0
  125. data/standards/stig_dns_policy.json +155 -0
  126. data/standards/stig_domain_name_system_dns_security_requirements_guide.json +599 -0
  127. data/standards/stig_draft_aix.json +3503 -0
  128. data/standards/stig_edb_postgres_advanced_server.json +665 -0
  129. data/standards/stig_email_services_policy.json +137 -0
  130. data/standards/stig_exchange_2010_client_access_server.json +179 -0
  131. data/standards/stig_exchange_2010_edge_transport_server.json +389 -0
  132. data/standards/stig_exchange_2010_hub_transport_server.json +269 -0
  133. data/standards/stig_exchange_2010_mailbox_server.json +209 -0
  134. data/standards/stig_f5_big-ip_access_policy_manager_11.x.json +149 -0
  135. data/standards/stig_f5_big-ip_advanced_firewall_manager_11.x.json +41 -0
  136. data/standards/stig_f5_big-ip_application_security_manager_11.x.json +89 -0
  137. data/standards/stig_f5_big-ip_device_management_11.x.json +467 -0
  138. data/standards/stig_f5_big-ip_local_traffic_manager_11.x.json +407 -0
  139. data/standards/stig_final_draft_general_wireless_policy.json +71 -0
  140. data/standards/stig_firewall.json +449 -0
  141. data/standards/stig_firewall_-_cisco.json +449 -0
  142. data/standards/stig_firewall_security_requirements_guide.json +257 -0
  143. data/standards/stig_forescout_counteract_alg.json +83 -0
  144. data/standards/stig_forescout_counteract_ndm.json +239 -0
  145. data/standards/stig_free_space_optics_device.json +143 -0
  146. data/standards/stig_general_mobile_device_policy_non-enterprise_activated.json +113 -0
  147. data/standards/stig_general_mobile_device_technical_non-enterprise_activated.json +59 -0
  148. data/standards/stig_general_purpose_operating_system_srg.json +1199 -0
  149. data/standards/stig_general_wireless_policy.json +71 -0
  150. data/standards/stig_good_mobility_suite_server_android_os.json +203 -0
  151. data/standards/stig_good_mobility_suite_server_apple_ios_4_interim_security_configuration_guide_iscg.json +209 -0
  152. data/standards/stig_good_mobility_suite_server_windows_phone_6.5.json +449 -0
  153. data/standards/stig_goodenterprise_8.x.json +401 -0
  154. data/standards/stig_google_chrome_browser.json +209 -0
  155. data/standards/stig_google_chrome_current_windows.json +215 -0
  156. data/standards/stig_google_chrome_draft.json +281 -0
  157. data/standards/stig_google_chrome_v23_windows.json +275 -0
  158. data/standards/stig_google_chrome_v24_windows.json +263 -0
  159. data/standards/stig_google_chrome_v24_windows_benchmark.json +227 -0
  160. data/standards/stig_google_search_appliance.json +209 -0
  161. data/standards/stig_harris_secnet_11_54.json +89 -0
  162. data/standards/stig_hp-ux_11.23.json +3215 -0
  163. data/standards/stig_hp-ux_11.31.json +3155 -0
  164. data/standards/stig_hp-ux_smse.json +431 -0
  165. data/standards/stig_hpe_3par_storeserv_3.2.x.json +131 -0
  166. data/standards/stig_ibm_datapower_alg.json +401 -0
  167. data/standards/stig_ibm_datapower_network_device_management.json +395 -0
  168. data/standards/stig_ibm_db2_v10.5_luw.json +575 -0
  169. data/standards/stig_ibm_hardware_management_console_hmc.json +221 -0
  170. data/standards/stig_ibm_hardware_management_console_hmc_policies.json +35 -0
  171. data/standards/stig_ibm_maas360_v2.3.x_mdm.json +59 -0
  172. data/standards/stig_ibm_zvm_using_ca_vm:secure.json +473 -0
  173. data/standards/stig_idps_security_requirements_guide_srg.json +1865 -0
  174. data/standards/stig_idsips.json +257 -0
  175. data/standards/stig_iis6_server.json +221 -0
  176. data/standards/stig_iis6_site.json +263 -0
  177. data/standards/stig_iis_7.0_web_server.json +155 -0
  178. data/standards/stig_iis_7.0_web_site.json +299 -0
  179. data/standards/stig_iis_8.5_server.json +293 -0
  180. data/standards/stig_iis_8.5_site.json +347 -0
  181. data/standards/stig_infoblox_7.x_dns.json +419 -0
  182. data/standards/stig_infrastructure_l3_switch.json +599 -0
  183. data/standards/stig_infrastructure_l3_switch_-_cisco.json +659 -0
  184. data/standards/stig_infrastructure_l3_switch_secure_technical_implementation_guide_-_cisco.json +659 -0
  185. data/standards/stig_infrastructure_router.json +479 -0
  186. data/standards/stig_infrastructure_router_-_cisco.json +539 -0
  187. data/standards/stig_infrastructure_router_-_juniper.json +485 -0
  188. data/standards/stig_infrastructure_router__cisco.json +539 -0
  189. data/standards/stig_infrastructure_router__juniper.json +485 -0
  190. data/standards/stig_internet_explorer_8.json +821 -0
  191. data/standards/stig_internet_explorer_9.json +815 -0
  192. data/standards/stig_intrusion_detection_and_prevention_systems_idps_security_requirements_guide.json +371 -0
  193. data/standards/stig_ipsec_vpn_gateway.json +521 -0
  194. data/standards/stig_java_runtime_environment_jre_6_unix.json +65 -0
  195. data/standards/stig_java_runtime_environment_jre_6_win7.json +65 -0
  196. data/standards/stig_java_runtime_environment_jre_6_windows_xp.json +77 -0
  197. data/standards/stig_java_runtime_environment_jre_6_winxp.json +65 -0
  198. data/standards/stig_java_runtime_environment_jre_7_unix.json +65 -0
  199. data/standards/stig_java_runtime_environment_jre_7_win7.json +65 -0
  200. data/standards/stig_java_runtime_environment_jre_7_winxp.json +65 -0
  201. data/standards/stig_java_runtime_environment_jre_version_6_unix.json +77 -0
  202. data/standards/stig_java_runtime_environment_jre_version_6_windows_7.json +77 -0
  203. data/standards/stig_java_runtime_environment_jre_version_6_windows_xp.json +65 -0
  204. data/standards/stig_java_runtime_environment_jre_version_7_unix.json +77 -0
  205. data/standards/stig_java_runtime_environment_jre_version_7_windows_7.json +77 -0
  206. data/standards/stig_java_runtime_environment_jre_version_7_winxp.json +77 -0
  207. data/standards/stig_java_runtime_environment_jre_version_8_unix.json +107 -0
  208. data/standards/stig_java_runtime_environment_jre_version_8_windows.json +107 -0
  209. data/standards/stig_jboss_eap_6.3.json +413 -0
  210. data/standards/stig_juniper_srx_sg_alg.json +155 -0
  211. data/standards/stig_juniper_srx_sg_idps.json +179 -0
  212. data/standards/stig_juniper_srx_sg_ndm.json +443 -0
  213. data/standards/stig_juniper_srx_sg_vpn.json +185 -0
  214. data/standards/stig_keyboard_video_and_mouse_switch.json +269 -0
  215. data/standards/stig_l3_kov-26_talon_wireless_role.json +77 -0
  216. data/standards/stig_layer_2_switch.json +347 -0
  217. data/standards/stig_layer_2_switch_-_cisco.json +365 -0
  218. data/standards/stig_lg_android_5.x_interim_security_configuration_guide.json +245 -0
  219. data/standards/stig_lg_android_6.x.json +281 -0
  220. data/standards/stig_mac_osx_10.6_workstation.json +1319 -0
  221. data/standards/stig_mac_osx_10.6_workstation_draft.json +1319 -0
  222. data/standards/stig_mainframe_product_security_requirements_guide.json +1115 -0
  223. data/standards/stig_mcafee_application_control_7.x.json +203 -0
  224. data/standards/stig_mcafee_move_2.63.6.1_multi-platform_client.json +149 -0
  225. data/standards/stig_mcafee_move_2.63.6.1_multi-platform_oss.json +101 -0
  226. data/standards/stig_mcafee_move_2.6_multi-platform_client.json +149 -0
  227. data/standards/stig_mcafee_move_2.6_multi-platform_oss.json +101 -0
  228. data/standards/stig_mcafee_move_3.6.1_multi-platform_client.json +149 -0
  229. data/standards/stig_mcafee_move_3.6.1_multi-platform_oss.json +101 -0
  230. data/standards/stig_mcafee_move_agentless_3.03.6.1_security_virtual_appliance.json +167 -0
  231. data/standards/stig_mcafee_move_agentless_3.0_security_virtual_appliance.json +167 -0
  232. data/standards/stig_mcafee_move_agentless_3.0_vsel_1.9sva.json +203 -0
  233. data/standards/stig_mcafee_move_agentless_3.6.1_security_virtual_appliance.json +167 -0
  234. data/standards/stig_mcafee_move_av_agentless_4.5.json +155 -0
  235. data/standards/stig_mcafee_move_av_multi-platform_4.5.json +215 -0
  236. data/standards/stig_mcafee_virusscan_8.8_local_client.json +533 -0
  237. data/standards/stig_mcafee_virusscan_8.8_managed_client.json +533 -0
  238. data/standards/stig_mcafee_vsel_1.92.0_local_client.json +245 -0
  239. data/standards/stig_mcafee_vsel_1.92.0_managed_client.json +239 -0
  240. data/standards/stig_mdm_server_policy.json +47 -0
  241. data/standards/stig_microsoft_access_2003.json +47 -0
  242. data/standards/stig_microsoft_access_2007.json +77 -0
  243. data/standards/stig_microsoft_access_2010.json +119 -0
  244. data/standards/stig_microsoft_access_2013.json +113 -0
  245. data/standards/stig_microsoft_access_2016.json +107 -0
  246. data/standards/stig_microsoft_dot_net_framework_4.0.json +101 -0
  247. data/standards/stig_microsoft_excel_2003.json +47 -0
  248. data/standards/stig_microsoft_excel_2007.json +155 -0
  249. data/standards/stig_microsoft_excel_2010.json +287 -0
  250. data/standards/stig_microsoft_excel_2013.json +293 -0
  251. data/standards/stig_microsoft_excel_2016.json +257 -0
  252. data/standards/stig_microsoft_exchange_2010_client_access_server_role.json +71 -0
  253. data/standards/stig_microsoft_exchange_2010_core_server.json +47 -0
  254. data/standards/stig_microsoft_exchange_2010_edge_transport_server_role.json +233 -0
  255. data/standards/stig_microsoft_exchange_2010_hub_transport_server_role.json +125 -0
  256. data/standards/stig_microsoft_exchange_2010_mailbox_server_role.json +107 -0
  257. data/standards/stig_microsoft_exchange_server_2003.json +647 -0
  258. data/standards/stig_microsoft_groove_2013.json +71 -0
  259. data/standards/stig_microsoft_ie_version_6.json +599 -0
  260. data/standards/stig_microsoft_ie_version_7.json +749 -0
  261. data/standards/stig_microsoft_infopath_2003.json +41 -0
  262. data/standards/stig_microsoft_infopath_2007.json +167 -0
  263. data/standards/stig_microsoft_infopath_2010.json +155 -0
  264. data/standards/stig_microsoft_infopath_2013.json +149 -0
  265. data/standards/stig_microsoft_internet_explorer_10.json +857 -0
  266. data/standards/stig_microsoft_internet_explorer_11.json +839 -0
  267. data/standards/stig_microsoft_internet_explorer_9.json +821 -0
  268. data/standards/stig_microsoft_lync_2013.json +29 -0
  269. data/standards/stig_microsoft_office_system_2007.json +221 -0
  270. data/standards/stig_microsoft_office_system_2010.json +233 -0
  271. data/standards/stig_microsoft_office_system_2013.json +293 -0
  272. data/standards/stig_microsoft_office_system_2016.json +131 -0
  273. data/standards/stig_microsoft_onedrivebusiness_2016.json +89 -0
  274. data/standards/stig_microsoft_onenote_2010.json +77 -0
  275. data/standards/stig_microsoft_onenote_2013.json +71 -0
  276. data/standards/stig_microsoft_onenote_2016.json +71 -0
  277. data/standards/stig_microsoft_outlook_2003.json +65 -0
  278. data/standards/stig_microsoft_outlook_2007.json +479 -0
  279. data/standards/stig_microsoft_outlook_2010.json +515 -0
  280. data/standards/stig_microsoft_outlook_2013.json +497 -0
  281. data/standards/stig_microsoft_outlook_2016.json +359 -0
  282. data/standards/stig_microsoft_powerpoint_2003.json +47 -0
  283. data/standards/stig_microsoft_powerpoint_2007.json +131 -0
  284. data/standards/stig_microsoft_powerpoint_2010.json +191 -0
  285. data/standards/stig_microsoft_powerpoint_2013.json +251 -0
  286. data/standards/stig_microsoft_powerpoint_2016.json +233 -0
  287. data/standards/stig_microsoft_project_2010.json +83 -0
  288. data/standards/stig_microsoft_project_2013.json +95 -0
  289. data/standards/stig_microsoft_project_2016.json +95 -0
  290. data/standards/stig_microsoft_publisher_2010.json +107 -0
  291. data/standards/stig_microsoft_publisher_2013.json +101 -0
  292. data/standards/stig_microsoft_publisher_2016.json +101 -0
  293. data/standards/stig_microsoft_sharepoint_designer_2013.json +71 -0
  294. data/standards/stig_microsoft_skypebusiness_2016.json +29 -0
  295. data/standards/stig_microsoft_sql_server_2005_database.json +167 -0
  296. data/standards/stig_microsoft_sql_server_2005_instance.json +1001 -0
  297. data/standards/stig_microsoft_sql_server_2012_database.json +179 -0
  298. data/standards/stig_microsoft_sql_server_2012_database_instance.json +929 -0
  299. data/standards/stig_microsoft_visio_2013.json +89 -0
  300. data/standards/stig_microsoft_visio_2016.json +89 -0
  301. data/standards/stig_microsoft_windows_10_mobile.json +215 -0
  302. data/standards/stig_microsoft_windows_2008_server_domain_name_system.json +269 -0
  303. data/standards/stig_microsoft_windows_2012_server_domain_name_system.json +551 -0
  304. data/standards/stig_microsoft_windows_phone_8.1.json +161 -0
  305. data/standards/stig_microsoft_windows_server_2012_domain_controller.json +2633 -0
  306. data/standards/stig_microsoft_windows_server_2012_member_server.json +2411 -0
  307. data/standards/stig_microsoft_word_2003.json +47 -0
  308. data/standards/stig_microsoft_word_2007.json +119 -0
  309. data/standards/stig_microsoft_word_2010.json +221 -0
  310. data/standards/stig_microsoft_word_2013.json +221 -0
  311. data/standards/stig_microsoft_word_2016.json +215 -0
  312. data/standards/stig_mobile_application_management_mam_server.json +95 -0
  313. data/standards/stig_mobile_application_security_requirements_guide.json +233 -0
  314. data/standards/stig_mobile_device_integrity_scanning_mdis_server.json +119 -0
  315. data/standards/stig_mobile_device_management_mdm_server.json +125 -0
  316. data/standards/stig_mobile_device_manager_security_requirements_guide.json +2555 -0
  317. data/standards/stig_mobile_email_management_mem_server.json +197 -0
  318. data/standards/stig_mobile_operating_system_security_requirements_guide.json +1943 -0
  319. data/standards/stig_mobile_policy.json +35 -0
  320. data/standards/stig_mobile_policy_security_requirements_guide.json +437 -0
  321. data/standards/stig_mobileiron_core_v9.x_mdm.json +89 -0
  322. data/standards/stig_mobility_policy.json +65 -0
  323. data/standards/stig_mozilla_firefox.json +161 -0
  324. data/standards/stig_ms_exchange_2013_client_access_server.json +209 -0
  325. data/standards/stig_ms_exchange_2013_edge_transport_server.json +443 -0
  326. data/standards/stig_ms_exchange_2013_mailbox_server.json +437 -0
  327. data/standards/stig_ms_sharepoint_2010.json +269 -0
  328. data/standards/stig_ms_sharepoint_2013.json +245 -0
  329. data/standards/stig_ms_sharepoint_designer_2013.json +71 -0
  330. data/standards/stig_ms_sql_server_2014_database.json +263 -0
  331. data/standards/stig_ms_sql_server_2014_instance.json +575 -0
  332. data/standards/stig_ms_sql_server_2016_database.json +185 -0
  333. data/standards/stig_ms_sql_server_2016_instance.json +731 -0
  334. data/standards/stig_ms_windows_defender_antivirus.json +257 -0
  335. data/standards/stig_multifunction_device_and_network_printers.json +131 -0
  336. data/standards/stig_network_device_management_security_requirements_guide.json +863 -0
  337. data/standards/stig_network_devices.json +389 -0
  338. data/standards/stig_network_infrastructure_policy.json +455 -0
  339. data/standards/stig_network_security_requirements_guide.json +1961 -0
  340. data/standards/stig_operating_system_security_requirements_guide.json +1961 -0
  341. data/standards/stig_oracle_10_database_installation.json +527 -0
  342. data/standards/stig_oracle_10_database_instance.json +569 -0
  343. data/standards/stig_oracle_11_database_installation.json +527 -0
  344. data/standards/stig_oracle_11_database_instance.json +551 -0
  345. data/standards/stig_oracle_database_10g_installation.json +527 -0
  346. data/standards/stig_oracle_database_10g_instance.json +581 -0
  347. data/standards/stig_oracle_database_11.2g.json +1229 -0
  348. data/standards/stig_oracle_database_11g_installation.json +527 -0
  349. data/standards/stig_oracle_database_11g_instance.json +575 -0
  350. data/standards/stig_oracle_database_12c.json +1217 -0
  351. data/standards/stig_oracle_http_server_12.1.3.json +1703 -0
  352. data/standards/stig_oracle_linux_5.json +3431 -0
  353. data/standards/stig_oracle_linux_6.json +1583 -0
  354. data/standards/stig_oracle_weblogic_server_12c.json +443 -0
  355. data/standards/stig_palo_alto_networks_alg.json +311 -0
  356. data/standards/stig_palo_alto_networks_idps.json +185 -0
  357. data/standards/stig_palo_alto_networks_ndm.json +251 -0
  358. data/standards/stig_pda.json +83 -0
  359. data/standards/stig_pdasmartphone.json +95 -0
  360. data/standards/stig_perimeter_l3_switch.json +923 -0
  361. data/standards/stig_perimeter_l3_switch_-_cisco.json +1001 -0
  362. data/standards/stig_perimeter_router.json +803 -0
  363. data/standards/stig_perimeter_router_cisco.json +881 -0
  364. data/standards/stig_perimeter_router_juniper.json +803 -0
  365. data/standards/stig_postgresql_9.x.json +677 -0
  366. data/standards/stig_red_hat_enterprise_linux_5.json +3437 -0
  367. data/standards/stig_red_hat_enterprise_linux_6.json +1565 -0
  368. data/standards/stig_red_hat_enterprise_linux_7.json +1451 -0
  369. data/standards/stig_remote_access_policy.json +317 -0
  370. data/standards/stig_removable_storage_and_external_connection_technologies.json +143 -0
  371. data/standards/stig_removable_storage_and_external_connections.json +137 -0
  372. data/standards/stig_rfid_scanner.json +35 -0
  373. data/standards/stig_rfid_workstation.json +23 -0
  374. data/standards/stig_riverbed_steelhead_cx_v8_alg.json +83 -0
  375. data/standards/stig_riverbed_steelhead_cx_v8_ndm.json +371 -0
  376. data/standards/stig_router_security_requirements_guide.json +575 -0
  377. data/standards/stig_samsung_android_os_5_with_knox_2.0.json +365 -0
  378. data/standards/stig_samsung_android_os_6_with_knox_2.x.json +377 -0
  379. data/standards/stig_samsung_android_os_7_with_knox_2.x.json +443 -0
  380. data/standards/stig_samsung_android_with_knox_1.x.json +293 -0
  381. data/standards/stig_samsung_android_with_knox_2.x.json +371 -0
  382. data/standards/stig_samsung_knox_android_1.0.json +167 -0
  383. data/standards/stig_sharepoint_2010.json +269 -0
  384. data/standards/stig_sharepoint_2013.json +245 -0
  385. data/standards/stig_smartphone_policy.json +131 -0
  386. data/standards/stig_solaris_10_sparc.json +3029 -0
  387. data/standards/stig_solaris_10_x86.json +3065 -0
  388. data/standards/stig_solaris_11_sparc.json +1427 -0
  389. data/standards/stig_solaris_11_x86.json +1421 -0
  390. data/standards/stig_solaris_9_sparc.json +2915 -0
  391. data/standards/stig_solaris_9_x86.json +2915 -0
  392. data/standards/stig_sun_ray_4.json +185 -0
  393. data/standards/stig_sun_ray_4_policy.json +77 -0
  394. data/standards/stig_suse_linux_enterprise_server_v11system_z.json +3311 -0
  395. data/standards/stig_symantec_endpoint_protection_12.1_local_client_antivirus.json +689 -0
  396. data/standards/stig_symantec_endpoint_protection_12.1_managed_client_antivirus.json +695 -0
  397. data/standards/stig_tanium_6.5.json +461 -0
  398. data/standards/stig_tanium_7.0.json +803 -0
  399. data/standards/stig_test_and_development_zone_a.json +167 -0
  400. data/standards/stig_test_and_development_zone_b.json +179 -0
  401. data/standards/stig_test_and_development_zone_c.json +143 -0
  402. data/standards/stig_test_and_development_zone_d.json +143 -0
  403. data/standards/stig_traditional_security.json +917 -0
  404. data/standards/stig_unix_srg.json +3287 -0
  405. data/standards/stig_video_services_policy.json +497 -0
  406. data/standards/stig_video_teleconference.json +47 -0
  407. data/standards/stig_video_teleconference_vtc.json +12 -0
  408. data/standards/stig_vmware_esx_3_policy.json +155 -0
  409. data/standards/stig_vmware_esx_3_server.json +3791 -0
  410. data/standards/stig_vmware_esx_3_virtual_center.json +257 -0
  411. data/standards/stig_vmware_esx_3_virtual_machine.json +53 -0
  412. data/standards/stig_vmware_esxi_server_5.0.json +809 -0
  413. data/standards/stig_vmware_esxi_v5.json +5177 -0
  414. data/standards/stig_vmware_esxi_version_5_virtual_machine.json +317 -0
  415. data/standards/stig_vmware_nsx_distributed_firewall.json +83 -0
  416. data/standards/stig_vmware_nsx_distributed_logical_router.json +35 -0
  417. data/standards/stig_vmware_nsx_manager.json +191 -0
  418. data/standards/stig_vmware_vcenter_server.json +179 -0
  419. data/standards/stig_vmware_vcenter_server_version_5.json +149 -0
  420. data/standards/stig_vmware_vsphere_esxi_6.0.json +659 -0
  421. data/standards/stig_vmware_vsphere_vcenter_server_version_6.json +311 -0
  422. data/standards/stig_vmware_vsphere_virtual_machine_version_6.json +269 -0
  423. data/standards/stig_voice_and_video_over_internet_protocol_vvoip_policy.json +407 -0
  424. data/standards/stig_voice_video_endpoint_security_requirements_guide.json +395 -0
  425. data/standards/stig_voice_video_services_policy.json +671 -0
  426. data/standards/stig_voice_video_session_management_security_requirements_guide.json +329 -0
  427. data/standards/stig_voicevideo_over_internet_protocol.json +419 -0
  428. data/standards/stig_voicevideo_over_internet_protocol_vvoip.json +263 -0
  429. data/standards/stig_voicevideo_services_policy.json +569 -0
  430. data/standards/stig_web_policy.json +95 -0
  431. data/standards/stig_web_server.json +317 -0
  432. data/standards/stig_web_server_security_requirements_guide.json +587 -0
  433. data/standards/stig_win2k3_audit.json +761 -0
  434. data/standards/stig_win2k8_audit.json +1085 -0
  435. data/standards/stig_win2k8_r2_audit.json +1637 -0
  436. data/standards/stig_win7_audit.json +1613 -0
  437. data/standards/stig_windows_10.json +1691 -0
  438. data/standards/stig_windows_2003_domain_controller.json +893 -0
  439. data/standards/stig_windows_2003_member_server.json +845 -0
  440. data/standards/stig_windows_2008_domain_controller.json +1475 -0
  441. data/standards/stig_windows_2008_member_server.json +1301 -0
  442. data/standards/stig_windows_7.json +1781 -0
  443. data/standards/stig_windows_8.json +2399 -0
  444. data/standards/stig_windows_88.1.json +2273 -0
  445. data/standards/stig_windows_8_8.1.json +2297 -0
  446. data/standards/stig_windows_defender_antivirus.json +239 -0
  447. data/standards/stig_windows_dns.json +185 -0
  448. data/standards/stig_windows_firewall_with_advanced_security.json +137 -0
  449. data/standards/stig_windows_paw.json +155 -0
  450. data/standards/stig_windows_phone_6.5_with_good_mobility_suite.json +65 -0
  451. data/standards/stig_windows_server_2008_r2_domain_controller.json +1961 -0
  452. data/standards/stig_windows_server_2008_r2_member_server.json +1745 -0
  453. data/standards/stig_windows_server_20122012_r2_domain_controller.json +2255 -0
  454. data/standards/stig_windows_server_20122012_r2_member_server.json +2045 -0
  455. data/standards/stig_windows_server_2012_2012_r2_domain_controller.json +2279 -0
  456. data/standards/stig_windows_server_2012_2012_r2_member_server.json +2075 -0
  457. data/standards/stig_windows_server_2012_domain_controller.json +2471 -0
  458. data/standards/stig_windows_server_2012_member_server.json +2249 -0
  459. data/standards/stig_windows_server_2016.json +1661 -0
  460. data/standards/stig_windows_vista.json +1517 -0
  461. data/standards/stig_windows_xp.json +893 -0
  462. data/standards/stig_wireless_keyboard_and_mouse.json +23 -0
  463. data/standards/stig_wireless_management_server_policy.json +53 -0
  464. data/standards/stig_wireless_remote_access_policy_security_implementation_guide.json +29 -0
  465. data/standards/stig_wlan_access_point_enclave-niprnet_connected.json +227 -0
  466. data/standards/stig_wlan_access_point_internet_gateway_only_connection.json +209 -0
  467. data/standards/stig_wlan_access_point_policy.json +17 -0
  468. data/standards/stig_wlan_authentication_server.json +29 -0
  469. data/standards/stig_wlan_bridge.json +209 -0
  470. data/standards/stig_wlan_client.json +65 -0
  471. data/standards/stig_wlan_controller.json +215 -0
  472. data/standards/stig_wlan_ids_sensorserver.json +23 -0
  473. data/standards/stig_wman_access_point.json +263 -0
  474. data/standards/stig_wman_bridge.json +209 -0
  475. data/standards/stig_wman_subscriber.json +65 -0
  476. data/standards/stig_zos_acf2.json +1451 -0
  477. data/standards/stig_zos_bmc_control-dacf2.json +53 -0
  478. data/standards/stig_zos_bmc_control-dracf.json +59 -0
  479. data/standards/stig_zos_bmc_control-dtss.json +65 -0
  480. data/standards/stig_zos_bmc_control-macf2.json +59 -0
  481. data/standards/stig_zos_bmc_control-mracf.json +65 -0
  482. data/standards/stig_zos_bmc_control-mrestartacf2.json +23 -0
  483. data/standards/stig_zos_bmc_control-mrestartracf.json +23 -0
  484. data/standards/stig_zos_bmc_control-mrestarttss.json +23 -0
  485. data/standards/stig_zos_bmc_control-mtss.json +71 -0
  486. data/standards/stig_zos_bmc_control-oacf2.json +53 -0
  487. data/standards/stig_zos_bmc_control-oracf.json +59 -0
  488. data/standards/stig_zos_bmc_control-otss.json +65 -0
  489. data/standards/stig_zos_bmc_ioaacf2.json +53 -0
  490. data/standards/stig_zos_bmc_ioaracf.json +59 -0
  491. data/standards/stig_zos_bmc_ioatss.json +65 -0
  492. data/standards/stig_zos_bmc_mainviewzosacf2.json +47 -0
  493. data/standards/stig_zos_bmc_mainviewzosracf.json +53 -0
  494. data/standards/stig_zos_bmc_mainviewzostss.json +59 -0
  495. data/standards/stig_zos_ca_1_tape_managementacf2.json +65 -0
  496. data/standards/stig_zos_ca_1_tape_managementracf.json +77 -0
  497. data/standards/stig_zos_ca_1_tape_managementtss.json +77 -0
  498. data/standards/stig_zos_ca_auditoracf2.json +29 -0
  499. data/standards/stig_zos_ca_auditorracf.json +29 -0
  500. data/standards/stig_zos_ca_auditortss.json +29 -0
  501. data/standards/stig_zos_ca_common_servicesacf2.json +23 -0
  502. data/standards/stig_zos_ca_common_servicesracf.json +29 -0
  503. data/standards/stig_zos_ca_common_servicestss.json +29 -0
  504. data/standards/stig_zos_ca_micsacf2.json +23 -0
  505. data/standards/stig_zos_ca_micsracf.json +23 -0
  506. data/standards/stig_zos_ca_micstss.json +23 -0
  507. data/standards/stig_zos_ca_mimacf2.json +41 -0
  508. data/standards/stig_zos_ca_mimracf.json +47 -0
  509. data/standards/stig_zos_ca_mimtss.json +47 -0
  510. data/standards/stig_zos_ca_vtapeacf2.json +29 -0
  511. data/standards/stig_zos_ca_vtaperacf.json +35 -0
  512. data/standards/stig_zos_ca_vtapetss.json +35 -0
  513. data/standards/stig_zos_catalog_solutionsacf2.json +23 -0
  514. data/standards/stig_zos_catalog_solutionsracf.json +23 -0
  515. data/standards/stig_zos_catalog_solutionstss.json +23 -0
  516. data/standards/stig_zos_clsupersessionacf2.json +53 -0
  517. data/standards/stig_zos_clsupersessionracf.json +65 -0
  518. data/standards/stig_zos_clsupersessiontss.json +71 -0
  519. data/standards/stig_zos_compuware_abend-aidacf2.json +47 -0
  520. data/standards/stig_zos_compuware_abend-aidracf.json +53 -0
  521. data/standards/stig_zos_compuware_abend-aidtss.json +53 -0
  522. data/standards/stig_zos_cssmtpacf2.json +23 -0
  523. data/standards/stig_zos_cssmtpracf.json +29 -0
  524. data/standards/stig_zos_cssmtptss.json +29 -0
  525. data/standards/stig_zos_fdracf2.json +23 -0
  526. data/standards/stig_zos_fdrracf.json +23 -0
  527. data/standards/stig_zos_fdrtss.json +23 -0
  528. data/standards/stig_zos_hcdacf2.json +29 -0
  529. data/standards/stig_zos_hcdracf.json +29 -0
  530. data/standards/stig_zos_hcdtss.json +29 -0
  531. data/standards/stig_zos_ibm_cics_transaction_serveracf2.json +17 -0
  532. data/standards/stig_zos_ibm_cics_transaction_serverracf.json +17 -0
  533. data/standards/stig_zos_ibm_cics_transaction_servertss.json +17 -0
  534. data/standards/stig_zos_ibm_health_checkeracf2.json +23 -0
  535. data/standards/stig_zos_ibm_health_checkerracf.json +29 -0
  536. data/standards/stig_zos_ibm_health_checkertss.json +29 -0
  537. data/standards/stig_zos_ibm_system_display_and_search_facility_sdsfacf2.json +53 -0
  538. data/standards/stig_zos_ibm_system_display_and_search_facility_sdsfracf.json +59 -0
  539. data/standards/stig_zos_ibm_system_display_and_search_facility_sdsftss.json +53 -0
  540. data/standards/stig_zos_icsfacf2.json +29 -0
  541. data/standards/stig_zos_icsfracf.json +35 -0
  542. data/standards/stig_zos_icsftss.json +35 -0
  543. data/standards/stig_zos_netviewacf2.json +41 -0
  544. data/standards/stig_zos_netviewracf.json +47 -0
  545. data/standards/stig_zos_netviewtss.json +53 -0
  546. data/standards/stig_zos_quest_nc-passacf2.json +35 -0
  547. data/standards/stig_zos_quest_nc-passracf.json +41 -0
  548. data/standards/stig_zos_quest_nc-passtss.json +47 -0
  549. data/standards/stig_zos_racf.json +1415 -0
  550. data/standards/stig_zos_roscoeacf2.json +47 -0
  551. data/standards/stig_zos_roscoeracf.json +53 -0
  552. data/standards/stig_zos_roscoetss.json +59 -0
  553. data/standards/stig_zos_srrauditacf2.json +23 -0
  554. data/standards/stig_zos_srrauditracf.json +23 -0
  555. data/standards/stig_zos_srraudittss.json +23 -0
  556. data/standards/stig_zos_tadzacf2.json +29 -0
  557. data/standards/stig_zos_tadzracf.json +35 -0
  558. data/standards/stig_zos_tadztss.json +35 -0
  559. data/standards/stig_zos_tdmfacf2.json +23 -0
  560. data/standards/stig_zos_tdmfracf.json +23 -0
  561. data/standards/stig_zos_tdmftss.json +23 -0
  562. data/standards/stig_zos_tss.json +1523 -0
  563. data/standards/stig_zos_vssracf.json +29 -0
  564. metadata +691 -0
@@ -0,0 +1,215 @@
1
+ {
2
+ "name": "stig_microsoft_word_2016",
3
+ "date": "2016-12-21",
4
+ "description": "The Microsoft Word 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.",
5
+ "title": "Microsoft Word 2016 STIG",
6
+ "version": "1",
7
+ "item_syntax": "^\\w-\\d+$",
8
+ "section_separator": null,
9
+ "items": [
10
+ {
11
+ "id": "V-71041",
12
+ "title": "Disabling of user name and password syntax from being used in URLs must be enforced.",
13
+ "description": "The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate website but actually opens a deceptive (spoofed) website. For example, the URL http://www.wingtiptoys.com@example.com appears to open http://www.wingtiptoys.com but actually opens http://example.com. To protect users from such attacks, Internet Explorer usually blocks any URLs using this syntax.\n\nThis functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a web page). If user names and passwords in URLs are allowed, users could be diverted to dangerous web pages, which could pose a security risk.",
14
+ "severity": "medium"
15
+ },
16
+ {
17
+ "id": "V-71043",
18
+ "title": "Blocking as default file block opening behavior must be enforced.",
19
+ "description": "Users can open, view, or edit a large number of file types in Office 2016. Some file types are safer than others, as some could allow malicious code to become active on user computers or the network. For this reason, disabling or not configuring this setting could allow malicious code to become active on user computers or the network.",
20
+ "severity": "medium"
21
+ },
22
+ {
23
+ "id": "V-71045",
24
+ "title": "The Internet Explorer Bind to Object functionality must be enabled.",
25
+ "description": "Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the security settings for the zone in which the control is located do not allow it to be initialized.\nThis functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a web page). A security risk could occur if potentially dangerous controls are allowed to load.",
26
+ "severity": "medium"
27
+ },
28
+ {
29
+ "id": "V-71047",
30
+ "title": "The Saved from URL mark must be selected to enforce Internet zone processing.",
31
+ "description": "Typically, when Internet Explorer loads a web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indicating the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet security zone instead of the less restrictive Local Intranet security zone. This functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a web page). If Internet Explorer does not evaluate the page for a MOTW, potentially dangerous code could be allowed to run.",
32
+ "severity": "medium"
33
+ },
34
+ {
35
+ "id": "V-71049",
36
+ "title": "Configuration for file validation must be enforced.",
37
+ "description": "Office File Validation helps detect and prevent a kind of exploit known as a file format attack or file fuzzing attack. File format attacks exploit the integrity of a file. They occur when someone modifies the structure of a file with the intent of adding malicious code. Usually the malicious code is run remotely and is used to elevate the privilege of restricted accounts on the computer. As a result, an attacker could gain access to a computer that they did not previously have access to. This could enable an attacker to read sensitive information from the computer's hard disk drive or install malware, such as a worm or a key logging program. The Office File Validation feature helps prevent file format attacks by scanning and validating files before they are opened. To validate files, Office File Validation compares a file's structure to a predefined file schema, which is a set of rules that determine what a readable file looks like. If Office File Validation detects that a file's structure does not follow all rules that are described in the schema, the file does not pass validation.",
38
+ "severity": "medium"
39
+ },
40
+ {
41
+ "id": "V-71051",
42
+ "title": "Files from the Internet zone must be opened in Protected View.",
43
+ "description": "This policy setting allows for determining if files downloaded from the Internet zone open in Protected View. If enabling this policy setting, files downloaded from the Internet zone do not open in Protected View. If disabling or not configuring this policy setting, files downloaded from the Internet zone open in Protected View.",
44
+ "severity": "medium"
45
+ },
46
+ {
47
+ "id": "V-71053",
48
+ "title": "Navigation to URLs embedded in Office products must be blocked.",
49
+ "description": "To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a web page). If Internet Explorer attempts to load a malformed URL, a security risk could occur.",
50
+ "severity": "medium"
51
+ },
52
+ {
53
+ "id": "V-71055",
54
+ "title": "Scripted Window Security must be enforced.",
55
+ "description": "Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not configuring this setting allows unknown websites to:\n-Create browser windows appearing to be from the local operating system.\n-Draw active windows displaying outside of the viewable areas of the screen capturing keyboard input.\n-Overlay parent windows with their own browser windows to hide important system information, choices or prompts.",
56
+ "severity": "medium"
57
+ },
58
+ {
59
+ "id": "V-71057",
60
+ "title": "Add-on Management functionality must be allowed.",
61
+ "description": "Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become active on user computers or the network. For example, a malicious user can monitor and then use keystrokes users type into Internet Explorer. Even legitimate add-ons may demand resources, compromising the performance of Internet Explorer, and the operating systems for user computers.",
62
+ "severity": "medium"
63
+ },
64
+ {
65
+ "id": "V-71059",
66
+ "title": "Add-ins to Office applications must be signed by a Trusted Publisher.",
67
+ "description": "Office 2016 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous add-in. As a result, malicious code could become active on user computers or the network.",
68
+ "severity": "medium"
69
+ },
70
+ {
71
+ "id": "V-71061",
72
+ "title": "Links that invoke instances of Internet Explorer from within an Office product must be blocked.",
73
+ "description": "The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a web page). If the Pop-up Blocker is disabled, disruptive and potentially dangerous pop-up windows could load and present a security risk.",
74
+ "severity": "medium"
75
+ },
76
+ {
77
+ "id": "V-71063",
78
+ "title": "Trust Bar Notifications for unsigned application add-ins must be blocked.",
79
+ "description": "If an application is configured to require all add-ins to be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message informing users about the unsigned add-in. If a user is allowed to make the determination to allow an unsigned add-in, it increases the risk of malicious code being introduced onto the user's computer or the network.",
80
+ "severity": "medium"
81
+ },
82
+ {
83
+ "id": "V-71065",
84
+ "title": "File Downloads must be configured for proper restrictions.",
85
+ "description": "Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferences may also allow the download to occur without prompting or interaction with the user. Even if Internet Explorer prompts the user to accept the download, some websites abuse this functionality. Malicious websites may continually prompt users to download a file or present confusing dialog boxes to trick users into downloading or running a file. If the download occurs and it contains malicious code, the code could become active on user computers or the network.",
86
+ "severity": "medium"
87
+ },
88
+ {
89
+ "id": "V-71067",
90
+ "title": "All automatic loading from trusted locations must be disabled.",
91
+ "description": "Trusted locations specified in the Trust Center are used to define file locations assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. By default, files located in trusted locations (those specified in the Trust Center) are assumed to be safe.",
92
+ "severity": "medium"
93
+ },
94
+ {
95
+ "id": "V-71069",
96
+ "title": "Disallowance of trusted locations on the network must be enforced.",
97
+ "description": "Files located in Trusted Locations and specified in the Trust Center are typically assumed to be safe. Content, code, and add-ins are allowed to load from Trusted Locations with minimal security and without prompting the user for permission. By default, users can specify Trusted Locations on network shares, or in other remote locations not under their direct control, by selecting the \"Allow Trusted Locations on my network\" (not recommended) check box in the Trusted Locations section of the Trust Center. If a dangerous file is opened from a trusted location, it will not be subject to typical security measures and could affect users' computers or data.",
98
+ "severity": "medium"
99
+ },
100
+ {
101
+ "id": "V-71071",
102
+ "title": "The Save commands default file format must be configured.",
103
+ "description": "When users create new document files, Word 2016 saves them in the new Word 2016 .docx format. Ensure this setting is enabled to specify that all new files are created in Word 2016. If a new document is created in an earlier format, some users may not be able to open or use the file, or they may choose a format this is less secure than the Word 2016 format. Users can still select a specific format when they save files, but they cannot change default of this setting from the Word Options dialog box. This enforced user behavior ensures any change to the file format requires additional deliberate user interaction.",
104
+ "severity": "medium"
105
+ },
106
+ {
107
+ "id": "V-71073",
108
+ "title": "Force encrypted macros to be scanned in open XML documents must be determined and configured.",
109
+ "description": "When an Office Open XML document (Word, Excel, and PowerPoint) is rights-managed, or password-protected, any macros embedded in the document are encrypted along with the rest of the contents. By default, these encrypted macros will be disabled unless they are scanned by antivirus software immediately before being loaded. If this default configuration is modified, Office products will not require encrypted macros to be scanned before loading. They will be handled as specified by the Office System macro security settings, which can cause macro viruses to load undetected and lead to data loss or reduced application functionality.",
110
+ "severity": "medium"
111
+ },
112
+ {
113
+ "id": "V-71075",
114
+ "title": "Trust access for VBA must be disallowed.",
115
+ "description": "VSTO projects require access to the Visual Basic for Applications project system in Excel, PowerPoint, and Word, even though the projects do not use Visual Basic for Applications. Design-time support of controls in both Visual Basic and C# projects depends on the Visual Basic for Applications project system in Word and Excel. By default, Excel, Word, and PowerPoint do not allow automation clients to have programmatic access to VBA projects. Users can enable this by selecting the Trust access to the VBA project object model in the Macro Settings section of the Trust Center. However, doing so allows macros in any documents the user opens to access the core Visual Basic objects, methods, and properties, which represents a potential security hazard.",
116
+ "severity": "medium"
117
+ },
118
+ {
119
+ "id": "V-71077",
120
+ "title": "Protection from zone elevation must be enforced.",
121
+ "description": "Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine zone, making this security zone a prime target for malicious users and code. Disabling or not configuring this setting could allow pages in the Internet zone to navigate to pages in the Local Machine zone to then run code to elevate privileges. This could allow malicious code or users to become active on user computers or the network.",
122
+ "severity": "medium"
123
+ },
124
+ {
125
+ "id": "V-71079",
126
+ "title": "ActiveX Installs must be configured for proper restriction.",
127
+ "description": "Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or Microsoft Silverlight-based controls. Disabling or not configuring this setting does not block prompts for ActiveX control installations and these prompts display to users. This could allow malicious code to become active on user computers or the network.",
128
+ "severity": "medium"
129
+ },
130
+ {
131
+ "id": "V-71081",
132
+ "title": "Files in unsafe locations must be opened in Protected View.",
133
+ "description": "This policy setting determines if files located in unsafe locations will open in Protected View. If unsafe locations have not been specified, only the \"Downloaded Program Files\" and \"Temporary Internet Files\" folders are considered unsafe locations. If enabling this policy setting, files located in unsafe locations do not open in Protected View. If disabling or not configuring this policy setting, files located in unsafe locations open in Protected View.",
134
+ "severity": "medium"
135
+ },
136
+ {
137
+ "id": "V-71083",
138
+ "title": "Document behavior if file validation fails must be set.",
139
+ "description": "This policy key controls the behavior of how Office documents should be handled when failing file validation. By requiring such documents to be opened in Protected View, any potentially malicious code would be disabled, allowing the user to edit the document and resaved correctly.",
140
+ "severity": "medium"
141
+ },
142
+ {
143
+ "id": "V-71085",
144
+ "title": "Attachments opened from Outlook must be in Protected View.",
145
+ "description": "This policy setting allows for determining if Word files in Outlook attachments open in Protected View. If enabling this policy setting, Outlook attachments do not open in Protected View. If disabling or not configuring this policy setting, Outlook attachments open in Protected View.",
146
+ "severity": "medium"
147
+ },
148
+ {
149
+ "id": "V-71087",
150
+ "title": "The automatically update links feature must be disabled.",
151
+ "description": "When users open documents Word automatically updates any links to external content, such as graphics, Excel worksheets, and PowerPoint slides. To disable automatic updating, the user can click the Office Button, click Word Options, click Advanced, scroll to the General section, and then clear the Update automatic links at open check box.\nIf Word is configured to automatically update links when documents are open, document content can change without the user's knowledge, which could put important information at risk.",
152
+ "severity": "medium"
153
+ },
154
+ {
155
+ "id": "V-71089",
156
+ "title": "Warning Bar settings for VBA macros must be configured.",
157
+ "description": "When users open files containing VBA macros, applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users may then enable these macros by clicking Options on the Trust Bar and selecting the option to enable them. Disabling or not configuring this setting may allow dangerous macros to become active on user computers or the network.",
158
+ "severity": "medium"
159
+ },
160
+ {
161
+ "id": "V-71091",
162
+ "title": "Online translation dictionaries must not be used.",
163
+ "description": "This setting allows you to prevent online dictionaries from being used for the translation of text through the Research pane.",
164
+ "severity": "medium"
165
+ },
166
+ {
167
+ "id": "V-71093",
168
+ "title": "Word 2 and earlier binary documents and templates must be blocked for open/save.",
169
+ "description": "This setting specifies whether users can open, view, edit, or save Word files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.",
170
+ "severity": "medium"
171
+ },
172
+ {
173
+ "id": "V-71095",
174
+ "title": "Word 2000 binary documents and templates must be configured to edit in protected view.",
175
+ "description": "This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling the editing of the specified format in protected view, it mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.",
176
+ "severity": "medium"
177
+ },
178
+ {
179
+ "id": "V-71097",
180
+ "title": "Word 6.0 binary documents and templates must be configured for block open/save actions.",
181
+ "description": "This setting specifies whether users can open, view, edit, or save Word files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.",
182
+ "severity": "medium"
183
+ },
184
+ {
185
+ "id": "V-71099",
186
+ "title": "Word 95 binary documents and templates must be configured to edit in protected view.",
187
+ "description": "This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling the editing of the specified format in protected view, it mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.",
188
+ "severity": "medium"
189
+ },
190
+ {
191
+ "id": "V-71101",
192
+ "title": "Word 97 binary documents and templates must be configured to edit in protected view.",
193
+ "description": "This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling the editing of the specified format in protected view, it mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.",
194
+ "severity": "medium"
195
+ },
196
+ {
197
+ "id": "V-71103",
198
+ "title": "Word XP binary documents and templates must be configured to edit in protected view.",
199
+ "description": "This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling the editing of the specified format in protected view, it mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.",
200
+ "severity": "medium"
201
+ },
202
+ {
203
+ "id": "V-71107",
204
+ "title": "Macros must be blocked from running in Office files from the Internet.",
205
+ "description": "This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if 'Enable all macro's is selected in the Macro Settings section of the Trust Center. Also, instead of having the choice to 'Enable Content', users will receive a notification that macros are blocked from running. If the Office file is saved to a trusted location or was previously trusted by the user, macros will be allowed to run. If you disable or don't configure this policy setting, the settings configured in the Macro Settings section of the Trust Center determine whether macros run in Office files that come from the Internet. ",
206
+ "severity": "medium"
207
+ },
208
+ {
209
+ "id": "V-71643",
210
+ "title": "Files on local Intranet UNC must be opened in Protected View.",
211
+ "description": "This policy setting lets you determine if files on local Intranet UNC file shares open in Protected View. If you enable this policy setting, files on local Intranet UNC file shares open in Protected View if their UNC paths appear to be within the Internet zone. If you disable or do not configure this policy setting, files on Intranet UNC file shares do not open in Protected View if their UNC paths appear to be within the Internet zone. ",
212
+ "severity": "medium"
213
+ }
214
+ ]
215
+ }
@@ -0,0 +1,95 @@
1
+ {
2
+ "name": "stig_mobile_application_management_mam_server",
3
+ "date": "2013-05-08",
4
+ "description": "This STIG provides technical security controls required for the use of a MAM server to manage applications installed on mobile devices in the DoD environment.\n\nThe requirements listed in this benchmark apply to any DoD iOS implementation when iOS devices process sensitive DoD information, connect to a DoD network or network connected PC, or provide service to a DoD email system. The requirements can be implemented in an application server separate from the MDM server or included in the MDM server. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.",
5
+ "title": "Mobile Application Management (MAM) Server Security Technical Implementation Guide (STIG)",
6
+ "version": "1",
7
+ "item_syntax": "^\\w-\\d+$",
8
+ "section_separator": null,
9
+ "items": [
10
+ {
11
+ "id": "V-24972",
12
+ "title": "The required mobile device management server version (or later) must be used. ",
13
+ "description": "Earlier versions of the MDM server may have security vulnerabilities or not have required security features implemented. Therefore, sensitive DoD data could be exposed if required security features are not implemented on site-managed mobile devices.",
14
+ "severity": "medium"
15
+ },
16
+ {
17
+ "id": "V-24973",
18
+ "title": "The host server where the mobile management server is installed must be hardened according to the appropriate Application STIG (SQL, Apache Tomcat, IIS, etc.). ",
19
+ "description": "The host server where the mobile management server is installed must be compliant with the Windows STIG and applicable application STIGs to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the management server.",
20
+ "severity": "medium"
21
+ },
22
+ {
23
+ "id": "V-24975",
24
+ "title": "The host server where the mobile management server is installed must have a host-based or appliance firewall, which must be configured as required.\n",
25
+ "description": "A mobile device user could get access to unauthorized network resources (application and content servers, etc.) via the communications link between the mobile device and mobile management server if the server host firewall is not set up as required. HBSS is usually used to satisfy this requirement.",
26
+ "severity": "high"
27
+ },
28
+ {
29
+ "id": "V-25754",
30
+ "title": "The PKI digital certificate installed on mobile management servers for server authentication must be a DoD PKI-issued certificate.",
31
+ "description": "When a self-signed PKI certificate is used, a rogue mobile management server can impersonate the DoD mobile management server. DoDI 8520-02 requires PKI certificates come from a trusted DoD PKI.",
32
+ "severity": "low"
33
+ },
34
+ {
35
+ "id": "V-26564",
36
+ "title": "Authentication on system administration accounts for mobile management servers must be configured to support CTO 07-15 Rev 1 requirements.\n",
37
+ "description": "CTO 07-15 Rev 1 requires administrator accounts use either CAC authentication or use complex passwords to ensure strong access control is enforced. This is best enforced by requiring the server support AD authentication.",
38
+ "severity": "high"
39
+ },
40
+ {
41
+ "id": "V-32767",
42
+ "title": "The MAM server must be able to obtain applications from a DoD- managed application store. \n",
43
+ "description": "Applications installed on the device must come from approved sources to ensure the security baseline of the device is not compromised by the application, otherwise sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised. If the MAM obtains applications from unauthorized sources, the application could contain malware and modify the security baseline of the mobile device, which may result in the exposure of sensitive DoD data.",
44
+ "severity": "medium"
45
+ },
46
+ {
47
+ "id": "V-32768",
48
+ "title": "The MAM server must install required applications on managed mobile devices.\n",
49
+ "description": "Some required applications are used to implement required security controls, which affect the security baseline of the device. If the security baseline is not maintained, sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised.\n",
50
+ "severity": "low"
51
+ },
52
+ {
53
+ "id": "V-32769",
54
+ "title": "The MAM server must manage a list of authorized applications (white list) by device account and by group account.\n",
55
+ "description": "Application white list enforcement ensures only authorized applications are installed on managed mobile devices. An unauthorized application could contain malware. In addition, the white list feature ensures malware from an email attachment or from a web site has not been installed on the device.",
56
+ "severity": "high"
57
+ },
58
+ {
59
+ "id": "V-32770",
60
+ "title": "The MAM server must be configured to prohibit the removal of required applications on managed devices or alert and take a predefined action if required applications have been removed.\n",
61
+ "description": "Some required applications are used to implement required security controls, which affect the security baseline of the device. If the security baseline is not maintained, sensitive DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised.",
62
+ "severity": "medium"
63
+ },
64
+ {
65
+ "id": "V-32771",
66
+ "title": "The MAM server must scan the list of installed applications on managed mobile devices every 6 hours or less to determine if unapproved applications are installed.",
67
+ "description": "An unauthorized application could contain malware or be a malware application. ",
68
+ "severity": "high"
69
+ },
70
+ {
71
+ "id": "V-32772",
72
+ "title": "The MAM server must manage the installation of updates and patches for installed applications on managed mobile devices.\n",
73
+ "description": "Timely installation of application patches is a key mitigation action against compromise of an IT system by known attack methods.\n",
74
+ "severity": "medium"
75
+ },
76
+ {
77
+ "id": "V-32774",
78
+ "title": "The MAM server must allow the inspection of installed applications on managed mobile devices.",
79
+ "description": "The MAM must be able to determine key attributes of managed applications to ensure only authorized applications are installed on the device.",
80
+ "severity": "medium"
81
+ },
82
+ {
83
+ "id": "V-33231",
84
+ "title": "The master AES encryption key used to encrypt data between the management server and the agent on the mobile device must be changed every 30 days or less. ",
85
+ "description": "There are two primary methods for generating the encryption key used to encrypt data between the management server and the server agent installed on the mobile device. The first method is to use a shared secret and the second is to generate the master encryption key based on PKI key generation. When a shared secret is used, if the master encryption key is not rotated periodically, and it is compromised, all future data sent between the mobile management server and the agent located on the mobile device would be compromised. Limiting the compromise to no more than a specific period of data is a security best practice.",
86
+ "severity": "low"
87
+ },
88
+ {
89
+ "id": "V-34417",
90
+ "title": "The MAM server must take predefined actions if unapproved applications are found after a scan of managed mobile devices. ",
91
+ "description": "An unauthorized application could contain malware or be a malware application. If the malware is not removed in a timely manner, DoD data and the enclave could be at risk of being compromised because the security baseline of the device has been compromised.",
92
+ "severity": "high"
93
+ }
94
+ ]
95
+ }
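Review bot: Several string values in this hunk carry stray trailing whitespace or an embedded trailing newline, for example `"title": "The required mobile device management server version (or later) must be used. "` (gutter line 12) and `"title": "The host server where the mobile management server is installed must have a host-based or appliance firewall, which must be configured as required.\n"` (gutter line 24); the same pattern appears in the titles at gutter lines 18, 36, 42, 48, 54, 60, 72, 84 and 90 and in the descriptions at 49 and 73. If these fields are rendered or compared against report data, the trailing `\n` and spaces will give ragged output or failed matches. The file looks like generated data, so the cleanest fix is presumably to `.strip` the field in whatever produces it (the gem ships a `bin/update_stigs.rb`, which is not in this hunk); otherwise the values should be normalized here.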
@@ -0,0 +1,233 @@
1
+ {
2
+ "name": "stig_mobile_application_security_requirements_guide",
3
+ "date": "2014-07-22",
4
+ "description": "The Mobile Application Security Requirements Guide (SRG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.",
5
+ "title": "Mobile Application Security Requirements Guide",
6
+ "version": "2",
7
+ "item_syntax": "^\\w-\\d+$",
8
+ "section_separator": null,
9
+ "items": [
10
+ {
11
+ "id": "SRG-APP-000033-MAPP-000010",
12
+ "title": "The mobile app must not modify, request, or assign values for operating system parameters unless necessary to perform application functions.",
13
+ "description": "A mobile app that operates with the privileges of its host OS is vulnerable to integrity issues and escalated privileges that would affect the entire platform and device. If the app is able to obtain OS privileges greater than necessary for proper operation, then an adversary is able to breach the app, has access to these additional privileges, and can perform unauthorized functions. These functions might include the ability to read sensitive data or execute unauthorized code. If the latter, then additional attacks on the system and DoD networks may be possible. Prohibiting an app from assigning itself unnecessary privileges greatly mitigates the risk of unauthorized use of those privileges.",
14
+ "severity": "medium"
15
+ },
16
+ {
17
+ "id": "SRG-APP-000033-MAPP-000011",
18
+ "title": "The mobile app must not execute as a privileged operating system process unless necessary to perform any app functions.",
19
+ "description": "A mobile app that operates with the privileges of its host OS will make the OS, device, and other apps vulnerable to such issues as escalated privileges that would affect the entire platform and device. If the app is able to obtain OS privileges greater than necessary for proper operation, then an adversary able to breach the app has access to these additional privileges and can perform unauthorized functions. These functions might include the ability to read sensitive data, or execute unauthorized code. If the latter, then additional attacks on the system and DoD networks may be possible. In applying this control, the device and data are protected against attacks that would be easily executed by a malicious user who has gained numerous privileges.",
20
+ "severity": "medium"
21
+ },
22
+ {
23
+ "id": "SRG-APP-000033-MAPP-000012",
24
+ "title": "A mobile app must not call APIs or otherwise invoke resources external to the mobile app unless such activity serves the documented purposes of the mobile app.",
25
+ "description": "A mobile app that does not operate within what should be appropriate limits will expose the device and all stored data inadvertently to non-secure domains, as well as provide a path for a malicious intruder to access the device and the data stored in it. If the mobile app calls APIs outside of its purpose, it could potentially perform unauthorized functions. These might include revealing the location of the user, obtaining data from the user's contact database, or other unauthorized functions. This control limits the API set and mitigates the risk that unauthorized actions are taking place with the app that could compromise the data’s confidentiality, as well as the user's safety and mission.",
26
+ "severity": "medium"
27
+ },
28
+ {
29
+ "id": "SRG-APP-000057-MAPP-000017",
30
+ "title": "The mobile app must enforce organization-defined limitations on the embedding of data types within other data types.",
31
+ "description": "Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and without explicit regard to subsequent accesses to that information. Information flow enforcement mechanisms compare security attributes on all information (data content and data structure), source and destination objects, and respond appropriately (e.g., block, quarantine, alert administrator) when the mechanisms encounter information flows not explicitly allowed by the information flow policy. Embedding of data within other data is often used for the surreptitious transfer of data. For example, embedding data within an image file (e.g., .jpg) is referred to as steganography and is used to circumvent protections in place to protect information.",
32
+ "severity": "medium"
33
+ },
34
+ {
35
+ "id": "SRG-APP-000133-MAPP-000030",
36
+ "title": "The mobile app must not enable other applications or non-privileged processes to modify software libraries.",
37
+ "description": "Many apps leverage software libraries to perform app functions. If the app makes these library files world writeable or otherwise allows unauthorized changes, then other processes on the device could modify the library to give the app capabilities it did not have originally. These capabilities might enable the app to exfiltrate sensitive DoD information or permit privilege escalation, possibly leading to attacks on additional systems. Libraries could be modified through enabling other apps to do so or through the app itself allowing the user to do so. Implementing this control prevents apps from acquiring capabilities for which they were not originally authorized. Please refer to CWEs: 250, 265, 272, and 284. The MAPP SRG Overview contains additional information on the use of CWEs.",
38
+ "severity": "medium"
39
+ },
40
+ {
41
+ "id": "SRG-APP-000141-MAPP-000031",
42
+ "title": "The mobile app must not include source code, unreferenced code or subroutines that are never invoked during operation, except for software components and libraries from approved third-party products.",
43
+ "description": "Unused software and libraries increase a program size without any benefits and furthermore, may contain malicious code that would be later executed, and compromise the app and all stored data. Typically, unknown code cannot be evaluated as it is never executed during run time and thus it is not fully known that it is present until malicious action takes place. Implementing this control mitigates the risk of dormant code executing at an opportune moment, allowing itself privileges and compromising the integrity and confidentiality of all stored data on the device. Please refer to CWEs: 398, 478, 561, 563, 570, and 571 for further information. The MAPP SRG Overview contains additional information on the use of CWEs.",
44
+ "severity": "medium"
45
+ },
46
+ {
47
+ "id": "SRG-APP-000142-MAPP-000032",
48
+ "title": "The mobile app must utilize ports or protocols in a manner consistent with DoD Ports and Protocols guidance.",
49
+ "description": "Failure to comply with DoD Ports, Protocols Services Management (PPSM) Category Assurance List (CAL) and associated vulnerability assessments may result in compromise of mobile protections or functionality of the app. Ports that are incorrectly used leave the app and device vulnerable to exposure from attacks that exploit ports that are open, are not used, and have no protection. This control assures that all application ports, protocols, and services needed for the app operation are in compliance with the DoD PPSM guidance. Implementing this control also mitigates the threat from malicious exploitation of open and unprotected ports that can lead to data integrity and confidentiality risks.",
50
+ "severity": "medium"
51
+ },
52
+ {
53
+ "id": "SRG-APP-000225-MAPP-000047",
54
+ "title": "The mobile app must fail to an initial state when the application unexpectedly terminates, unless it maintains a secure state at all times.",
55
+ "description": "An app maintains a secure state when there is strong assurance that each of its state transitions is consistent with the app's security policy. For many mobile apps, the only state for which the state is known to be compliant is the initial state because it does not have a documented security policy regarding state transitions. An app could be compromised, providing an attack vector to the app and OS if initialization, shutdown, and aborts are not designed to keep the app in a secure state. If the app fails without closing or shutting down processes or open sessions; authentication and validation mechanisms are considered weak and do not provide sufficient protection against unauthorized access to the application and all stored data. In applying this control, the app can be secured to its initial level of security in the event the app crashes or terminates. This will mitigate the threat of an unauthorized user taking control of the device and accessing the app and stored data, compromising its integrity and confidentiality.",
56
+ "severity": "medium"
57
+ },
58
+ {
59
+ "id": "SRG-APP-000243-MAPP-000049",
60
+ "title": "The mobile app must not write data to persistent memory accessible to other applications.",
61
+ "description": "Persistent memory is memory that retains data even when the device is no longer powered on. It is often referred to as non-volatile memory and is typically used for file storage. If the app shares the same location of persistent memory with that used by other apps to include encrypted data, then the data is at great risk to exposure through being available to other apps after the app has shut down or a user session has terminated. Furthermore, even though the OS will always be able to read files, other apps that share the same persistent memory are potentially less secure and thus offer an accessible means for malicious intruders to retrieve this information through the other app. In many operating environments, assigning unique process IDs to each app facilitates their separation from one another. In applying this control, the user will be less susceptible to malicious intrusion and extrusion of data that resides in areas shared by other apps.",
62
+ "severity": "medium"
63
+ },
64
+ {
65
+ "id": "SRG-APP-000267-MAPP-000060",
66
+ "title": "The mobile app must not transmit error messages to any entity other than authorized audit logs, the MDM, or the device display.",
67
+ "description": "Error messages that are transmitted outside of the app environment reveal weaknesses in the app that will offer the potential for exposure to malicious users. By default many error messages contain data pertaining to the session, the ports, and user and in some instances, their authentication credentials. Through this control, any issues that an app may have are restricted to the user and the personnel who have access to audit logs.",
68
+ "severity": "medium"
69
+ },
70
+ {
71
+ "id": "SRG-APP-000342-MAPP-000100",
72
+ "title": "The mobile app must prevent organization-defined software from executing at higher privilege levels than users executing the software.",
73
+ "description": "In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.",
74
+ "severity": "medium"
75
+ },
76
+ {
77
+ "id": "SRG-APP-000372-MAPP-000100",
78
+ "title": "The mobile app must synchronize internal information system clocks to the MOS-based authoritative time source.",
79
+ "description": "Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. \n\nSynchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. Organizations should consider setting time periods for different types of systems (e.g., financial, legal, or mission-critical systems). Organizations should also consider endpoints that may not have regular access to the authoritative time server (e.g., mobile, teleworking, and tactical endpoints). This requirement is related to the comparison done every 24 hours in CCI-001891 because a comparison must be done in order to determine the time difference.",
80
+ "severity": "medium"
81
+ },
82
+ {
83
+ "id": "SRG-APP-000381-MAPP-000010",
84
+ "title": "The mobile app must not change the file permissions of any files other than those dedicated to its own operation.",
85
+ "description": "A file's access level is pivotal to a mobile app and its data's security. The modification of a file's permission must be strictly controlled in an effort to maintain the integrity and confidentially of the data stored. If the file permissions are easily changed, attackers will try to gain any possible level of access and then try to escalate that level until they are able to obtain restricted data or make unapproved system modifications. This control mitigates the risk of privilege escalation by an unauthorized process or user resulting in data integrity and confidentiality issues. Please refer to CWEs: 250, 265, 272, and 284. The MApp SRG Overview contains additional information on the use of CWEs.",
86
+ "severity": "medium"
87
+ },
88
+ {
89
+ "id": "SRG-APP-000388-MAPP-000100",
90
+ "title": "The mobile app, when conditions defined in CCI-0002856, CP-12 are detected, must enter a safe mode of operation defined in CCI-0002857, CP-12.",
91
+ "description": "Configuring the app to revert to a predetermined safe mode of operation helps ensure continuity of critical operations during adverse conditions.\n\nFor apps supporting mission-critical functions, including military operations and weapons systems (especially real-time operational environments), organizations may choose to identify certain conditions under which the app will revert to a predetermined safe mode of operation. The safe mode of operation, which can be activated automatically or manually, restricts the types of app functions/commands that can be performed when those conditions are encountered. Restrictions include, for example, allowing only certain functions that could be carried out under limited power or with reduced communications bandwidth.",
92
+ "severity": "medium"
93
+ },
94
+ {
95
+ "id": "SRG-APP-000391-MAPP-000100",
96
+ "title": "The mobile app must accept Public Key Infrastructure (PKI) credentials.",
97
+ "description": "The use of PKI credentials facilitates standardization and reduces the risk of unauthorized access.\n\nThe DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.",
98
+ "severity": "medium"
99
+ },
100
+ {
101
+ "id": "SRG-APP-000392-MAPP-000100",
102
+ "title": "The mobile app must electronically verify Personal Identity Verification (PIV) credentials.",
103
+ "description": "The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.\n\nThe DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.",
104
+ "severity": "medium"
105
+ },
106
+ {
107
+ "id": "SRG-APP-000393-MAPP-000100",
108
+ "title": "The mobile app must implement organization-defined out-of-band authentication under organization-defined conditions.",
109
+ "description": "Out-of-band authentication uses two separate networks or channels to communicate between two parties or devices. For example, a user can access a site through a network connection, and a one-time password can be sent through a cellular network to that user's mobile device. This reduces the probability of the authentication process being compromised.\n\nThis type of authentication can be employed by organizations to mitigate actual or suspected man-in the-middle attacks. The conditions for activation can include, for example, suspicious activities, new threat indicators or elevated threat levels, or the impact level or classification level of information in requested transactions.\n\nOut-of-band authentication (OOBA) refers to the use of two separate communication paths to identify and authenticate users or devices to an information system.",
110
+ "severity": "medium"
111
+ },
112
+ {
113
+ "id": "SRG-APP-000416-MAPP-000100",
114
+ "title": "The mobile app must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.",
115
+ "description": "Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The app must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.",
116
+ "severity": "medium"
117
+ },
118
+ {
119
+ "id": "SRG-APP-000439-MAPP-000100",
120
+ "title": "The mobile app must protect the confidentiality and integrity of transmitted information.",
121
+ "description": "Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. \n\nCommunication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. Protecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, then logical means (cryptography) do not have to be employed, and vice versa.",
122
+ "severity": "medium"
123
+ },
124
+ {
125
+ "id": "SRG-APP-000449-MAPP-000100",
126
+ "title": "The mobile app must validate information output from software programs and/or applications defined in SI-15, CCI-0002770 to ensure the information is consistent with the expected content.",
127
+ "description": "Certain types of cyber attacks (e.g., SQL injections) produce output results that are unexpected or inconsistent with the output results that would normally be expected from software programs or applications. This requirement focuses on detecting extraneous content, preventing such extraneous content from being displayed, and alerting monitoring tools that anomalous behavior has been discovered.",
128
+ "severity": "medium"
129
+ },
130
+ {
131
+ "id": "SRG-APP-000514-MAPP-000100",
132
+ "title": "If the underlying MOS does not provide NIST FIPS-validated crypto modules, the mobile app must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.",
133
+ "description": "Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The app must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.",
134
+ "severity": "medium"
135
+ },
136
+ {
137
+ "id": "SRG-APP-000516-MAPP-000034",
138
+ "title": "The mobile app must not lock or set permissions on application files in a manner such that the operating system or an approved backup application cannot copy the files.",
139
+ "description": "If the app is able to lock files or modify file permissions in a manner that prevents higher-level system operations, such as backup and copying from taking place, then the potential exists for the data to be lost. This condition may also be a form of denial of service if the operating system cannot recover the locked areas, thereby leaving fewer resources for other processes. In applying this control, the system is able to perform its overarching control and functional procedures, above any privileges the app, the user, or an intruder may have. The control must be employed judiciously. For example, file access should not be so broad as to allow non-approved apps from reading the files (e.g., by setting files to world readable).",
140
+ "severity": "medium"
141
+ },
142
+ {
143
+ "id": "SRG-APP-000516-MAPP-000038",
144
+ "title": "Mobile apps involved in the production, control, and distribution of symmetric cryptographic keys must use NIST approved or NSA approved key management technology and processes.",
145
+ "description": "Symmetric cryptographic keys must be managed according to approved processes using approved technology, to ensure malicious intruders do not take advantage of any network resource exposure that may occur as a result of non-standard practices and tools being applied. If non-standard practices are applied to production, control, and distribution of symmetric cryptographic keys, then the DoD is potentially vulnerable to attack from adversaries who are able to exploit weak encryption keys that have been used by the app and system. This control assures the DoD a much higher degree of assurance that intruders will not gain access to the network through weaknesses that are mitigated or eradicated through best and approved practices and key management technologies.",
146
+ "severity": "medium"
147
+ },
148
+ {
149
+ "id": "SRG-APP-000516-MAPP-000039",
150
+ "title": "Mobile apps involved in the production, control, and distribution of asymmetric cryptographic keys must use NIST approved or NSA approved key management technology and processes.",
151
+ "description": "Asymmetric cryptographic keys must be managed according to approved processes using approved technology, to ensure malicious intruders do not take advantage of any network resource exposure that may occur as a result of non-standard practices and tools being applied. If non-standard practices are applied to production, control, and distribution of asymmetric cryptographic keys, then the DoD is potentially vulnerable to attack from adversaries who are able to exploit weak encryption keys that have been used by the app and system. In applying this control, the DoD can be assured of a much higher degree of assurance that intruders will not gain access to the network through weaknesses that are mitigated or eradicated through best and approved practices and key management technologies.",
152
+ "severity": "medium"
153
+ },
154
+ {
155
+ "id": "SRG-APP-000516-MAPP-000040",
156
+ "title": "Mobile apps involved in the production, control, and distribution of asymmetric cryptographic keys must use approved PKI Class 3 certificates or prepositioned keying material.",
157
+ "description": "Class 3 certificates are issued to individuals, organizations, servers, devices, and administrators for CAs and root authorities (RAs). Class 3 certificates undergo independent verification and checking of identity and authority which is performed by the issuing (CA). Networks and applications not using Class 3 Certificates are vulnerable to a multiple of malicious attacks that would essentially allow unauthorized access to and intrusion in a network. Similarly, using approved PKI class 3 certificates ensure malicious intruders do not take advantage of any network resource exposure that may occur as a result of non-standard practices and tools being applied. In applying this control, the use of approved PKI Class 3 certificates will assure authentication, message, data and content integrity, and confidentiality encryption.",
158
+ "severity": "medium"
159
+ },
160
+ {
161
+ "id": "SRG-APP-000516-MAPP-000041",
162
+ "title": "Mobile apps involved in the production, control, and distribution of asymmetric cryptographic keys must use approved PKI Class 3 or class 4 certificates and hardware tokens that protect the user's private key.",
163
+ "description": "Class 3 and 4 certificates are issued by individuals, organizations, servers, devices, and administrators for CAs and root authorities (RAs). A hardware token offers an additional layer of security in addition to a password. Networks and applications not using hardware tokens to protect the private Class 3 certificates are vulnerable to a multiple of malicious attacks that would essentially allow unauthorized access and intrusion in a network. Networks and applications not using Class 3 and 4 certificates and hardware tokens are vulnerable to a multiple of malicious attacks that would essentially allow unauthorized access to and intrusion in a network. Similarly, using approved PKI class 3/4 certificates and hardware tokens, ensure malicious intruders do not take advantage of any network resource exposure that may occur as a result of non-standard practices and tools being applied. Users of Class 3/4 certificates, as well as hardware tokens, will be assured of an extra level of security that will protect their certificates and the user's private key. The DoD CAC is an example of a compliant solution.",
164
+ "severity": "medium"
165
+ },
166
+ {
167
+ "id": "SRG-APP-000516-MAPP-000064",
168
+ "title": "The mobile app code must not contain hardcoded references to resources external to the app.",
169
+ "description": "Hardcoded resources include URLs and path references to files outside of the app environment. An adversary who is aware of such references can attack the app by breaching the external resource it calls. In most cases, such references may be placed in configuration files that may be updated when the resource reference is no longer valid. This also makes such references more transparent than they would be if they remained embedded in app code.",
170
+ "severity": "medium"
171
+ },
172
+ {
173
+ "id": "SRG-APP-000516-MAPP-000065",
174
+ "title": "The mobile app must remove temporary files when it terminates.",
175
+ "description": "Temporary files left on the system after an app has terminated may contain sensitive information. Such sensitive information includes authentication credentials or session identifiers that would enable an adversary to gain unauthorized access to other resources. Removing such files when an app terminates greatly mitigates the risk of this attack that would exploit these files and use them to re-launch the app, enjoy user privileges or breach the confidentiality or integrity of the data stored on the device.",
176
+ "severity": "medium"
177
+ },
178
+ {
179
+ "id": "SRG-APP-000516-MAPP-000066",
180
+ "title": "The mobile app must remove cookies or information used to track a users identity when it terminates.",
181
+ "description": "If the app does not remove temporary data, such as authentication data, temporary files containing sensitive data, and cookies, the data can be used again if the device is lost or stolen. Such information could also be used to track the user across app sessions or even across different apps, which poses an OPSEC risk. The temporary data could be used to reauthenticate the user or allow unauthorized access to sensitive data. Removing cookies assures the DoD greater security from intruders and unauthorized users accessing the temporary data and using it to potentially access the system, accessing sensitive data and compromising sensitive data's integrity.",
182
+ "severity": "medium"
183
+ },
184
+ {
185
+ "id": "SRG-APP-000516-MAPP-000067",
186
+ "title": "The mobile app must clear or overwrite memory blocks used to process potentially sensitive data. Sensitive data may include PII, a user's location, or authentication credentials.",
187
+ "description": "Sensitive data in memory should be cleared or overwritten to protect data that may be available to an attacker seeking ways to gain access to data that otherwise appears erased. Unless an app can overwrite memory blocks, the possibility exists for an attacker to cause the app to crash and analyze a memory dump of the app for sensitive information. Clearing memory will ensure the DoD the app can operate more securely, with greater protection applied to sensitive data that will be properly removed when no longer required. Additional overwriting requirements may be applicable to classified apps. Please refer to CWEs: 14, 226, 244, and 591 for further information. The MAPP SRG Overview contains additional information on the use of CWEs.",
188
+ "severity": "medium"
189
+ },
190
+ {
191
+ "id": "SRG-APP-000516-MAPP-000068",
192
+ "title": "The mobile app must not be vulnerable to integer arithmetic vulnerabilities.",
193
+ "description": "Integer overflows occur when an integer has not been properly checked and is used in memory allocation, copying, and concatenation. Also, when incrementing integers past their maximum possible value, it could potentially become a very small or negative number. Integer overflows can lead to infinite looping when loop index variables are compromised and cause a denial of service. If the integer is used in data references, the data can become corrupt. Also, using the integer in memory allocation can cause buffer overflows and a denial of service. Integers used in access control mechanisms can potentially trigger buffer overflows, which can be used to execute arbitrary code. Removing integer arithmetic vulnerabilities mitigates the risk of multiple vulnerabilities to include denial of service to the app and the execution of arbitrary code. Please refer to CWEs: 125, 126, 190, 195, 197, 398, 787, and 805 for further information. The MAPP SRG Overview contains additional information on the use of CWEs.",
194
+ "severity": "medium"
195
+ },
196
+ {
197
+ "id": "SRG-APP-000516-MAPP-000069",
198
+ "title": "The mobile app must not call functions vulnerable to buffer overflows.",
199
+ "description": "Buffer overflow attacks occur when improperly validated input is passed to an app overwriting memory. Buffer overflow errors stop execution of the app causing a minimum of denial of service and possibly a system call to a command shell giving an attacker access to the underlying operating system. An app that avoids buffer flow situations assures the DoD greater availability of the app due to better security against DoS attacks. Please refer to CWEs: 20, 74, 78, 88, 117, 119, 120, 125, 129, 131, 134, 135, 170, 170, 176, 193, 195, 242, 249, 250, 251, 265, 415, 560, 686, 733, 787, and 805 for further information. The MAPP SRG Overview contains additional information on the use of CWEs. Further information on testing for buffer overflows can be seen at https://www.owasp.org/index.php/Reviewing_Code_for_Buffer_Overruns_and_Overflows.",
200
+ "severity": "medium"
201
+ },
202
+ {
203
+ "id": "SRG-APP-000516-MAPP-000071",
204
+ "title": "The mobile app must not be vulnerable to race conditions.",
205
+ "description": "A race condition occurs when an app receives two or more actions on the same resource in an unanticipated order which causes a conflict. Sometimes, the resource is locked by different users or functions within the app, creating a deadlock situation. Racing can occur when the design uses global variables in place of local variables, or a multi-threaded app does not use thread safe functions when threads are accessing the same object or data, as two examples. Applying this control, the DoD is protected against situations that would reduce the security posture of the app, device, data, and network as a result of security-related components not able to function as a result of the race condition. Furthermore, the user is also protected against access and availability issues that result from the app or certain components of the app from functioning correctly as a result of the race condition. Examples of race conditions vulnerabilities can be obtained from the OWASP website at https://www.owasp.org.",
206
+ "severity": "medium"
207
+ },
208
+ {
209
+ "id": "SRG-APP-000516-MAPP-000073",
210
+ "title": "The mobile app must initialize all parameter values on startup.",
211
+ "description": "A mobile app could be compromised, providing an attack vector to it if the app initialization process is not designed to keep the app in both a secure and functional state. Any operating parameter in the app, such as variables and settings, must be reset and initialized to default values, otherwise an adversary in possession of the device could access the app with privileges. An app that re-initializes its parameters at start up is assured a more secure session since the app has initialized all functional components that allow it to operate properly and thus securely.",
212
+ "severity": "medium"
213
+ },
214
+ {
215
+ "id": "SRG-APP-000516-MAPP-000075",
216
+ "title": "The mobile app must not record or forward sensor data unless explicitly authorized to do so.",
217
+ "description": "Sensors include the GPS, gyroscope, accelerometer, camera, and microphone. When sensor data is either recorded locally or sent to a remote server, the potential exists for an adversary to obtain sensitive information that could be used to harm the user or compromise information systems. In particular, when location data is forwarded, the user may be physically targeted. User safety and mission assurance risks are mitigated when sensor data is only collected or forwarded when expressly authorized.",
218
+ "severity": "medium"
219
+ },
220
+ {
221
+ "id": "SRG-APP-000516-MAPP-000077",
222
+ "title": "The mobile app source code must not contain adware or known malware.",
223
+ "description": "Malware will compromise the app data, device, and system. Under no circumstances will any code that is known to contain adware or malware be used. The entire application ecosystem will operate at a higher security with much higher integrity than a system with known malware.",
224
+ "severity": "medium"
225
+ },
226
+ {
227
+ "id": "SRG-APP-000516-MAPP-000078",
228
+ "title": "Unless the MOS manages app signing, the mobile app installation package must be digitally signed in accordance with FIPS 186-3 approved methods.",
229
+ "description": "One of the biggest risks on a mobile device is that it will execute malware that will compromise sensitive data on the device or enable subsequent attacks on other DoD information systems. One of the most effective means for preventing malware execution is to authenticate that software comes from a trusted source before it is installed. Digital signatures on software can be used to authenticate that the software comes from a trusted source. Signing the software in accordance with FIPS 186-3 provides additional assurance that the signature was affixed properly.",
230
+ "severity": "medium"
231
+ }
232
+ ]
233
+ }