The mobile operating system must verify the integrity of application software before each instance of its execution.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33060	SRG-OS-000097-MOS-000063	SV-43458r2_rule		Medium

Description
A common method to compromise system security is to modify application software to perform malicious functions that will execute when the user runs the application. Verifying the integrity of the software before execution protects against such an attack. This is typically accomplished by checking cryptographic hashes or digital signatures on software program files. Rationale for non-applicability: the feature as described is more suited for a Mobile Device Manager (MDM) to implement as opposed to an OS.

Description

A common method to compromise system security is to modify application software to perform malicious functions that will execute when the user runs the application. Verifying the integrity of the software before execution protects against such an attack. This is typically accomplished by checking cryptographic hashes or digital signatures on software program files. Rationale for non-applicability: the feature as described is more suited for a Mobile Device Manager (MDM) to implement as opposed to an OS.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41329r2_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-36960r2_fix)
The requirement is NA. No fix is required.