The operating system must automatically audit account termination.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33252	SRG-OS-000241-NA	SV-43670r1_rule		Medium

Description
Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. Traditional auditing of account management functions is not required in this context.

Description

Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. Traditional auditing of account management functions is not required in this context.

STIG	Date
Mobile Operating System Security Requirements Guide	2012-10-01

Details

Check Text ( C-41548r2_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37182r1_fix)
The requirement is NA. No fix is required.