The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). Audit records can include, for example, timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked.
Mobile operating systems must produce audit records for the events defined at the organizational level. Specifically, at a minimum, audit records must be produced for these events:
- Unsuccessful attempts to access, modify, or delete privileges, security objects, security levels, or categories of information (e.g., classification levels) by processes other than the operating system
- Successful and unsuccessful unlock attempts
- All application initiations
- All application installation and removal
- All kernel module load, unload, and restart