DoD STIGs – V-32191

Overview:

Title: Applications must not enable information system functionality providing the capability for automatic execution of code on mobile devices without user direction.

Vulnerability ID: V-32191

STIG ID:

IA Controls: None

Severity: medium

Description: Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices).

Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code are Auto Run and Auto Play. Auto Run and Auto Play are components of the Microsoft Windows operating system dictating what actions the system takes when a drive is mounted. This requirement is designed to address vulnerabilities arising when mobile devices such as USB memory sticks or other mobile storage devices are automatically mounted and applications are automatically invoked without user knowledge or acceptance.

This requirement is specific to applications that enable information system functionality for automatic execution of code on mobile devices. This is NA for databases.

Check Text: This check is NA for databases.

Fix Text: This fix is NA for databases.

[divider]

Interpreting V-32191:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.