The mobile operating system must provide a real-time alert to the mobile device management server when organization defined audit failure events occur.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32965	SRG-OS-000049-MOS-000024	SV-43363r1_rule		Medium

Description
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations must define audit failure events requiring an alarm. When those defined events occur, the mobile operating system must provide a real-time alert to the mobile device management server. By warning the mobile device management server that an audit failure event occurred, appropriate personnel and processes can take corrective action. The mobile operating system should also notify the user in the event intermittent network connectivity is causing the audit failure event.

Description

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations must define audit failure events requiring an alarm. When those defined events occur, the mobile operating system must provide a real-time alert to the mobile device management server. By warning the mobile device management server that an audit failure event occurred, appropriate personnel and processes can take corrective action. The mobile operating system should also notify the user in the event intermittent network connectivity is causing the audit failure event.

STIG	Date
Mobile Operating System Security Requirements Guide	2012-10-01

Details

Check Text ( C-41266r1_chk )
Verify the auditing system can provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur. If the auditing system cannot provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur or is not configured to do so, this is a finding.

Check Text ( C-41266r1_chk )

Verify the auditing system can provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur. If the auditing system cannot provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur or is not configured to do so, this is a finding.

Fix Text (F-36880r1_fix)
Configure the mobile operating system to provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur.