The operating system, at managed interfaces, must deny network traffic and must audit internal users (or malicious code) posing a threat to external information systems.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33128	SRG-OS-000150-NA	SV-43526r1_rule		Medium

Description
Detecting internal actions that may pose a security threat to external information systems is sometimes termed extrusion detection. Extrusion detection at the information system boundary includes the analysis of network traffic (incoming, as well as, outgoing) looking for indications of an internal threat to the security of external systems. Rationale for non-applicability: Mobile devices operate outside of enclave boundary. The arrangement of boundary protection devices is outside the scope of their control. The boundary protection devices will enforce strong authentication for VPN and other network connections.

Description

Detecting internal actions that may pose a security threat to external information systems is sometimes termed extrusion detection. Extrusion detection at the information system boundary includes the analysis of network traffic (incoming, as well as, outgoing) looking for indications of an internal threat to the security of external systems. Rationale for non-applicability: Mobile devices operate outside of enclave boundary. The arrangement of boundary protection devices is outside the scope of their control. The boundary protection devices will enforce strong authentication for VPN and other network connections.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41387r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37028r1_fix)
The requirement is NA. No fix is required.