
The mobile operating system must enforce a mandatory access control (MAC) policy that prohibits any application, user, or process from modifying software in the trusted computing base with the exception of protected processes dedicated to performing updates to particular trusted computing base components.


Overview

Finding ID: V-32913
Version: SRG-OS-000007-MOS-000001
Rule ID: SV-43311r1_rule
IA Controls:
Severity: Medium

Description
The trusted computing base includes the OS, device drivers, system and security configuration files, and key material. OS functions include audit and security policy enforcement mechanisms. In the context of this requirement, an update process is protected if it is not modifiable by other processes and requires cryptographic authentication before performing updates. When access control to trusted computing base components is discretionary, a malicious user or program that obtains the necessary privileges can circumvent security controls on the device. This likely enables the malicious user or process to obtain sensitive data and launch attacks on other systems. Privilege elevation on discretionary access control (DAC) systems can occur in a variety of ways that cannot be detected by the operating system or intrusion detection software. MAC systems preclude the possibility of this sort of privilege elevation by design and therefore greatly reduce the risk of system security breaches.

STIG: Mobile Operating System Security Requirements Guide
Date: 2013-07-03

Details

Check Text (C-41223r2_chk)
Review OS documentation to determine if the OS supports MAC and to determine the scope of the trusted computing base. Review the MAC policy to determine if it prevents any application, user, or process from modifying software in the trusted computing base. Verify update processes are the only processes permitted to perform updates. Also, verify each update process is dedicated to the component it updates and does not update other components or perform functions other than software update. If the OS does not support MAC, or the MAC policy does not prevent unauthorized modification of software in the trusted computing base, or the software update process is not compliant, this is a finding.
Fix Text (F-36833r1_fix)
Configure the mobile operating system to enforce mandatory access controls (MAC) prohibiting any application, user, or process from modifying software in the trusted computing base with the exception of protected processes dedicated to performing updates to particular trusted computing base components.
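
The review described in the Check Text can be sketched as a rule audit. This is an added example, not part of the STIG: the policy format, the component names and the process names are all constructed assumptions, and a real MAC policy would first have to be translated into such (subject, permission, object) rules.

```python
# Constructed, simplified model of a MAC policy (not a real policy language).
# Anything not explicitly allowed is denied.
TCB = {"kernel", "drivers", "security_config", "key_store"}

# Hypothetical update processes, each mapped to the one component it updates.
UPDATERS = {"kernel_updater": "kernel", "config_updater": "security_config"}

# Constructed allow rules: (subject, permission, object).
SAMPLE_POLICY = [
    ("kernel_updater", "write", "kernel"),
    ("config_updater", "write", "security_config"),
    ("config_updater", "write", "key_store"),
    ("browser_app", "read", "security_config"),
    ("browser_app", "write", "drivers"),
    ("kernel_updater", "write", "user_data"),
    ("browser_app", "write", "kernel_updater"),
]


def audit(policy, tcb=TCB, updaters=UPDATERS):
    """Return (subject, object, reason) for each rule that would be a finding."""
    findings = []
    for subject, perm, obj in policy:
        if perm != "write":
            continue  # only modification rights matter for this requirement
        dedicated = updaters.get(subject)
        if obj in updaters and obj != subject:
            reason = "update process is modifiable by another process"
        elif obj in tcb and dedicated is None:
            reason = "non-update process can modify the TCB"
        elif obj in tcb and obj != dedicated:
            reason = "updater can modify a component it is not dedicated to"
        elif obj not in tcb and obj not in updaters and dedicated is not None:
            reason = "updater has write access outside software update"
        else:
            continue
        findings.append((subject, obj, reason))
    return findings


if __name__ == "__main__":
    for subject, obj, reason in audit(SAMPLE_POLICY):
        print(f"FINDING: {subject} -> {obj}: {reason}")
```

The cryptographic authentication requirement for update processes is not expressible as an allow rule and has to be verified separately.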