The operating system must employ automated mechanisms to restrict the use of maintenance tools to authorized personnel only.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33104	SRG-OS-000124-NA	SV-43502r1_rule		Medium

Description
The intent of this control is to address the security-related issues arising from the software brought into the operating system specifically for diagnostic and repair actions (e.g., a software packet sniffer introduced for the purpose of a particular maintenance activity). Rationale for non-applicability: A mobile operating system typically does not have local audit or maintenance tools. The IA control corresponding to CCI-001803 addresses restricting users from performing system management functions. In many cases, diagnostic tools on mobile devices are accessible to anyone in possession of the device.

Description

The intent of this control is to address the security-related issues arising from the software brought into the operating system specifically for diagnostic and repair actions (e.g., a software packet sniffer introduced for the purpose of a particular maintenance activity). Rationale for non-applicability: A mobile operating system typically does not have local audit or maintenance tools. The IA control corresponding to CCI-001803 addresses restricting users from performing system management functions. In many cases, diagnostic tools on mobile devices are accessible to anyone in possession of the device.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41363r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37004r1_fix)
The requirement is NA. No fix is required.