The mobile operating system must provide a real-time alert to the mobile device management server when organization defined audit failure events occur.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32965 | SRG-OS-000049-MOS-000024 | SV-43363r1_rule | Medium |
| Description |
|---|
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations must define audit failure events requiring an alarm. When those defined events occur, the mobile operating system must provide a real-time alert to the mobile device management server. By warning the mobile device management server that an audit failure event occurred, appropriate personnel and processes can take corrective action. The mobile operating system should also notify the user in the event intermittent network connectivity is causing the audit failure event. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2012-10-01 |
Details
| Check Text ( C-41266r1_chk ) |
|---|
| Verify the auditing system can provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur. If the auditing system cannot provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur or is not configured to do so, this is a finding. |
| Fix Text (F-36880r1_fix) |
|---|
| Configure the mobile operating system to provide a real-time alert to the mobile device management server when the audit log size reaches an organization defined audit failure events occur. |