UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must use automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials in accordance with the organization defined frequency.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33243 SRG-OS-000232-MOS-000123 SV-43661r1_rule Low
Description
Unauthorized software poses a risk to the device because it could potentially perform malicious functions, including but not limited to gathering sensitive information, searching for other system vulnerabilities, or modifying log entries. A mechanism to detect unauthorized software and notify officials of its presence assists in the task of removing such software to eliminate the risks it poses to the device and the networks to which the device attaches.
STIG Date
Mobile Operating System Security Requirements Guide 2012-10-01

Details

Check Text ( C-41539r1_chk )
Review system documentation and operating system configuration to determine whether and how the operating system detects and reports the presence of unauthorized software. If feasible, install a test application that is authorized for such purpose, but which the system does not recognize as authorized. Verify the operating system detects the test application and reports it. If the operating system either fails to detect an authorized application or fails to report this (or both), this is a finding.
Fix Text (F-37173r1_fix)
Configure the operating system to detect the presence of unauthorized applications and report this information to designated organizational officials.