The operating system must fail to an organization defined known state for organization defined types of failures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33176 | SRG-OS-000184-NA | SV-43574r1_rule | Medium |
| Description |
|---|
| Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. It helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving system state information facilitates system restart and return to the operational mode of the organization with less disruption of mission/business processes. Rationale for non-applicability: As per the MOS SRG IA control corresponding to CCI-001383, the mobile operating system must wipe the device after an organization defined number of incorrect passcode attempts. No other failure states are defined at this time. The applicability of this control may be reconsidered at a future date if it is determined that certain failure conditions require failure to specific known states. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41437r1_chk ) |
|---|
| This requirement is NA for the Mobile OS SRG. |
| Fix Text (F-37077r1_fix) |
|---|
| The requirement is NA. No fix is required. |