The operating system must protect non-local maintenance sessions through the use of a strong authenticator tightly bound to the user.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33108	SRG-OS-000128-NA	SV-43506r1_rule		Medium

Description
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. "Maintenance" is typically automated and is not associated with a human user account. Additionally, the IA control corresponding to CCI-000877 more clearly articulates the intent of this requirement.

Description

Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. "Maintenance" is typically automated and is not associated with a human user account. Additionally, the IA control corresponding to CCI-000877 more clearly articulates the intent of this requirement.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41367r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37008r1_fix)
The requirement is NA. No fix is required.