The operating system must employ organization defined information system components with no writeable storage that are persistent across component restart or power on/off.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33180	SRG-OS-000189-NA	SV-43578r1_rule		Medium

Description
Organizations may require operating systems to be non-modifiable or to be stored and executed on non-writeable storage (e.g., there are no CD-ROM drives common on PCs). Use of non-modifiable storage ensures the integrity of the program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Rationale for non-applicability: Mobile OS devices must be flash upgradable in order to implement patches to vulnerabilities. The small form factor of a mobile device does not easily allow for multiple forms of storage. Therefore, the persistent memory on a mobile device must be writeable and cannot support this requirement.

Description

Organizations may require operating systems to be non-modifiable or to be stored and executed on non-writeable storage (e.g., there are no CD-ROM drives common on PCs). Use of non-modifiable storage ensures the integrity of the program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Rationale for non-applicability: Mobile OS devices must be flash upgradable in order to implement patches to vulnerabilities. The small form factor of a mobile device does not easily allow for multiple forms of storage. Therefore, the persistent memory on a mobile device must be writeable and cannot support this requirement.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41441r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37081r1_fix)
The requirement is NA. No fix is required.