The operating system must employ automated mechanisms to enforce access restrictions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33050	SRG-OS-000088-NA	SV-43448r1_rule		Medium

Description
When dealing with access restrictions pertaining to change control, it should be noted that, any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Rationale for non-applicability: This vulnerability is better addressed by implementing CCI-000370, which states the mobile operating system must employ the capability of a Mobile Device Manager (MDM) to centrally manage configuration settings, including security policies. These security policies include policy related to discretionary access controls.

Description

When dealing with access restrictions pertaining to change control, it should be noted that, any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Rationale for non-applicability: This vulnerability is better addressed by implementing CCI-000370, which states the mobile operating system must employ the capability of a Mobile Device Manager (MDM) to centrally manage configuration settings, including security policies. These security policies include policy related to discretionary access controls.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41319r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-36950r1_fix)
The requirement is NA. No fix is required.