The operating system must provide notification to an external device and halt the boot cycle if the OS detects tampering or fails operating system security tests.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33192	SRG-OS-000200-MOS-000109	SV-43590r2_rule		High

Description
Automated security tests performed by the mobile operating system are critical in the detection of IA attacks. Such checks include verification of the integrity of operating system files, device drivers, and security enforcement mechanisms by the operating system or third-party applications. However, users and systems administrators can only benefit from the security tests if they are notified in case of failure. A notification mechanism reduces the risk that a security breach will go undetected.

Description

Automated security tests performed by the mobile operating system are critical in the detection of IA attacks. Such checks include verification of the integrity of operating system files, device drivers, and security enforcement mechanisms by the operating system or third-party applications. However, users and systems administrators can only benefit from the security tests if they are notified in case of failure. A notification mechanism reduces the risk that a security breach will go undetected.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41453r4_chk )
Review the mobile operating system configuration to determine how the operating system responds in the event of a failed automated security test and tampering of the OS files. If the device is integrated with mobile device management (MDM) able to access device logs, then review system logs to determine if the operating system has provided notification of a failed automated security test. Otherwise, determine if there is some form of beaconing or alerting that could be detectable by an MDM or other network management system, or if the OS will terminate the boot cycle should the integrity of the OS files be compromised. If higher assurance is required, perform an action that would cause the device to fail an automated security test (e.g., insert unknown removable media), and verify the operating system provides notification of the failure. If there are any known security tests for which notification does not occur, this is a finding.

Check Text ( C-41453r4_chk )

Review the mobile operating system configuration to determine how the operating system responds in the event of a failed automated security test and tampering of the OS files. If the device is integrated with mobile device management (MDM) able to access device logs, then review system logs to determine if the operating system has provided notification of a failed automated security test. Otherwise, determine if there is some form of beaconing or alerting that could be detectable by an MDM or other network management system, or if the OS will terminate the boot cycle should the integrity of the OS files be compromised. If higher assurance is required, perform an action that would cause the device to fail an automated security test (e.g., insert unknown removable media), and verify the operating system provides notification of the failure. If there are any known security tests for which notification does not occur, this is a finding.

Fix Text (F-37093r2_fix)
Configure the operating system to provide notification of failed automated security tests and to halt the boot cycle if tampering of the OS has been detected.