The operating system must protect the confidentiality and integrity of information at rest.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33177	SRG-OS-000185-NA	SV-43575r1_rule		Medium

Description
This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive). The operating system must ensure the data being written to these devices is protected. In most cases, this is done via encryption. Rationale for non-applicability: This vulnerability is better addressed by CCI-001200, which includes cryptographic mechanisms to protect confidential and integrity of data at rest.

Description

This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive). The operating system must ensure the data being written to these devices is protected. In most cases, this is done via encryption. Rationale for non-applicability: This vulnerability is better addressed by CCI-001200, which includes cryptographic mechanisms to protect confidential and integrity of data at rest.

STIG	Date
Mobile Operating System Security Requirements Guide	2012-10-01

Details

Check Text ( C-41438r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37078r1_fix)
The requirement is NA. No fix is required.