Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32934 | SRG-OS-000023-MOS-000004 | SV-43332r1_rule | Low |
Description |
---|
The operating system is required to display the DoD approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. This ensures the legal requirements for auditing and monitoring are met. System use notification messages can be displayed when individuals log in to the information system. The approved DoD text must be used as specified in the DoD CIO memorandum dated 9 May 2008 (see the check text for required wording). |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2012-10-01 |
Check Text ( C-41240r1_chk ) |
---|
Verify the mobile device displays the specific banner text (as designated below) at startup device unlock. If the mobile device is not capable of supporting a banner at startup device unlock, this is a finding. If there is no banner, or if the banner's wording does not match the approved wording, this is a finding. [Use this banner for devices accommodating banners of 1300 characters.] "DOD NOTICE AND CONSENT BANNER You are accessing a U.S. Government (USG) information system (IS) that is provided for USG-authorized use only. By using this IS, you consent to the following conditions: -The USG routinely monitors communications occurring on this IS, and any device attached to this IS, for purposes including, but not limited to, penetration testing, COMSEC monitoring, network defense, quality control, and employee misconduct, law enforcement, and counterintelligence investigations. -At any time, the USG may inspect and/or seize data stored on this IS and any device attached to this IS. -Communications occurring on or data stored on this IS, or any device attached to this IS, are not private. They are subject to routine monitoring and search. -Any communications occurring on or data stored on this IS, or any device attached to this IS, may be disclosed or used for any USG-authorized purpose. -Security protections may be utilized on this IS to protect certain interests that are important to the USG. For example, passwords, access cards, encryption or biometric access controls provide security for the benefit of the USG. These protections are not provided for your benefit or privacy and may be modified or eliminated at the USG's discretion." [For Blackberries and other PDAs/PEDs with severe character limitations.] "I've read & consent to terms in IS user agreem't." |
Fix Text (F-36850r1_fix) |
---|
Implement a banner at startup device unlock with text matching the required wording. |