Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating system must produce audit records containing date and timestamps (to one second resolution) for every event.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32954 | SRG-OS-000038-MOS-000014 | SV-43352r1_rule | Low |
| Description |
|---|
| Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Without sufficient information establishing when the audit events occurred, investigation into the cause of events is severely hindered. The inclusion of timestamps enables correlation of events across disparate systems, which can be critical to isolating IA incidents and developing appropriate countermeasures. Date and timestamp should be from a global time reference format to ensure geographic changes do not distort records. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2012-10-01 |
Details
| Check Text ( C-41255r1_chk ) |
|---|
| Review the audit logs for timestamps with a resolution of at least one second (i.e., the entry shows the date and time to the second it occurred) using a global time reference. If any log entry does not have a timestamp with a resolution of at least one second, this is a finding. |
| Fix Text (F-36869r1_fix) |
|---|
| Modify the audit configuration to include timestamps for audit entries using a global time reference. |