UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must prevent non-privileged users from circumventing malicious code protection capabilities.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33185 SRG-OS-000194-MOS-000105 SV-43583r1_rule Medium
Description
A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it, which enables subsequent attacks. If malicious code protection is itself protected, then it will prevent a non-privileged user or malicious software from disabling the protection mechanism. Ensuring that any security feature is protected against bypass, tampering, or disablement is best met by a mandatory access control mechanism in the mobile OS.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41446r1_chk )
Review the system documentation to determine if the malicious code protection capabilities are adequate. In particular, the protection mechanisms must load during the boot process and must not be able to be disabled. Reboot a device and verify the protection mechanisms are active after the boot cycle. Attempt to kill the protection process if it is identifiable. If the reviewer can disable the malicious code protection capabilities, this is a finding.
Fix Text (F-37086r1_fix)
Configure the malicious code protection capability so it cannot be circumvented.