Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33190 | SRG-OS-000198-MOS-000108 | SV-43588r1_rule | Medium |
Description |
---|
If an adversary can modify or delete information obtained from intrusion and integrity tools, then the adversary can hide evidence of an attack. Mechanisms to protect such data are necessary to mitigate the risk of these attacks and ensure they are detected in a timely manner. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41451r1_chk ) |
---|
Review system documentation and operating system configuration to verify data collected by intrusion and integrity monitoring tools is either encrypted or sufficiently protected with file permissions not available to processes running user applications. If the reviewer has obtained evidence that modification or deletion of such data is possible, or if the reviewer can modify such data directly, this is a finding. |
Fix Text (F-37091r1_fix) |
---|
Configure the operating system and intrusion and integrity monitoring tools to protect data generated by such tools. |