The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events); for example, timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked.
Mobile operating systems must produce audit records for the events defined at the organizational level. Specifically, at a minimum, audit records must be produced for these events:
- Successful and unsuccessful attempts to access, modify, or delete privileges, security objects, security levels, or categories of information (e.g., classification levels) by processes other than the operating system
- Successful and unsuccessful unlock attempts
- Privileged activities or other system level access
- Starting and ending time for user access to the system
- All application initiations
- All application installation and removal
- All account creations, modifications, disabling, and terminations
- All kernel module load, unload, and restart