The mobile operating system must provide audit record generation capability for the auditable events defined in at the organizational level for the mobile device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32979	SRG-OS-000062-MOS-000030	SV-43377r1_rule		Medium

Description
The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events) for example, timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Mobile operating systems must produce audit records for the events defined at the organizational level. Specifically, at a minimum, audit records must be produced for these events: - Unsuccessful attempts to access, modify, or delete privileges, security objects, security levels, or categories of information (e.g., classification levels) by processes other than the operating system - Successful and unsuccessful unlock attempts - All application initiations - All application installation and removal - All kernel module load, unload, and restart

Description

The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events) for example, timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Mobile operating systems must produce audit records for the events defined at the organizational level. Specifically, at a minimum, audit records must be produced for these events: - Unsuccessful attempts to access, modify, or delete privileges, security objects, security levels, or categories of information (e.g., classification levels) by processes other than the operating system - Successful and unsuccessful unlock attempts - All application initiations - All application installation and removal - All kernel module load, unload, and restart

STIG	Date
Mobile Operating System Security Requirements Guide	2012-10-01

Details

Check Text ( C-41278r1_chk )
Examine the mobile operating system configuration to determine if audit record generation capability exists for the auditable events defined at the organizational level. If audit records generation capability does not exist for the auditable events defined at the organizational level, this is a finding.

Fix Text (F-36893r1_fix)
Configure the mobile operating system for audit record generation capability for the auditable events defined at the organizational level.