The operating system must enforce a two-person rule for changes to organization defined information system components and system-level information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33053	SRG-OS-000091-NA	SV-43451r1_rule		Medium

Description
Regarding access restrictions for changes made to organization defined information system components and system level information. Any changes to the hardware, software, and/or firmware components of the operating system can potentially have significant effects on the overall security of the system. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. In this context, a two-person rule is not relevant. Changes resulting from MDM control of the device are within the scope of the MDM SRG.

Description

Regarding access restrictions for changes made to organization defined information system components and system level information. Any changes to the hardware, software, and/or firmware components of the operating system can potentially have significant effects on the overall security of the system. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. In this context, a two-person rule is not relevant. Changes resulting from MDM control of the device are within the scope of the MDM SRG.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41322r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-36953r1_fix)
The requirement is NA. No fix is required.