The operating system must prevent access to organization defined security-relevant information except during secure, non-operable system states.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32917	SRG-OS-000008-NA	SV-43315r1_rule		Medium

Description
Security-relevant information is any information within the information system potentially impacting the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Organizations may define specific security relevant information requiring protection. Rationale for non-applicability: Resource constraints on mobile devices preclude implementation of this IA function. The applicability of this control may be reconsidered at a future date if subsequent generations of mobile devices are better able to support this control and the applications and data typically on the device justify its implementation.

Description

Security-relevant information is any information within the information system potentially impacting the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Organizations may define specific security relevant information requiring protection. Rationale for non-applicability: Resource constraints on mobile devices preclude implementation of this IA function. The applicability of this control may be reconsidered at a future date if subsequent generations of mobile devices are better able to support this control and the applications and data typically on the device justify its implementation.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41834r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37675r1_fix)
The requirement is NA. No fix is required.