The mobile operating system must prevent the user of the device from directly administering UIDs, file permissions, and system configuration files, and from starting and stopping system processes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33113	SRG-OS-000133-MOS-000075	SV-43511r1_rule		High

Description
If the user of the device can perform management functions, the user could modify the device configuration to degrade the IA posture of the device. Preventing such activity mitigates the risk of this vulnerability.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41372r1_chk )
Navigate the mobile operating system and applications to determine if it is possible to directly administer UIDs, file permissions, and system configuration files. Also do this to determine if it is possible to start or stop system processes. The presence of applications that launch a command line shell is an indicator that this may be possible. If any of the listed management functions can be performed, this is a finding.

Check Text ( C-41372r1_chk )

Navigate the mobile operating system and applications to determine if it is possible to directly administer UIDs, file permissions, and system configuration files. Also do this to determine if it is possible to start or stop system processes. The presence of applications that launch a command line shell is an indicator that this may be possible. If any of the listed management functions can be performed, this is a finding.

Fix Text (F-37013r1_fix)
Configure the mobile operating system to prevent the user of the device from directly administering UIDs, file permissions, and system configuration files, and from starting and stopping system processes.