Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating system must prevent non-privileged users from circumventing intrusion detection and prevention capabilities.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33188 | SRG-OS-000197-MOS-000106 | SV-43586r1_rule | High |
| Description |
|---|
| Intrusion detection and prevention capabilities must be architected and implemented to prevent non-privileged users from circumventing such protections. Ensuring that any security feature is protected against bypass, tampering, or disablement is best met by a mandatory access control mechanism. However, limited protection may also be accomplished through the use of user roles and systems permissions. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2012-10-01 |
Details
| Check Text ( C-41449r1_chk ) |
|---|
| Review system documentation, operating system configuration, and other IA information resources to determine if a non-privileged user can circumvent intrusion detection and prevention capabilities. Determine if a non-privileged user can terminate processes for the intrusion detection and prevention functionality. If a non-privileged user can circumvent this functionality, this is a finding. |
| Fix Text (F-37089r1_fix) |
|---|
| Configure the operating system and its intrusion detection and prevention capabilities so they cannot be circumvented by a non-privileged user. |