Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating system must transfer audit logs to remote log or management servers.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32959 | SRG-OS-000043-MOS-000018 | SV-43357r1_rule | High |
| Description |
|---|
| Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance of records, as well as, the backup and archiving of those records. When organizations define application components that require requiring centralized audit log management, operating systems need to support the requirement. The ability to transfer audit records from the mobile device to a remote log or management server protects their integrity and provides a centralized location to analyze their contents. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-04-12 |
Details
| Check Text ( C-41260r1_chk ) |
|---|
| Verify the audit logs are being transferred from the mobile device to a remote log or management server. If audit logs are not being transferred on request or on a period schedule, this is a finding. |
| Fix Text (F-36874r1_fix) |
|---|
| Configure the operating system to transfer audit logs to remote log or management servers. |