The mobile operating system must verify the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and at least every six hours thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33195	SRG-OS-000202-MOS-000111	SV-43593r2_rule		High

Description
One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool detects unauthorized modifications to files or permissions and either prevents further operation or reports its findings so an appropriate response can occur.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41456r2_chk )
Review system documentation, operating system configuration, and other IA information resources to determine if the mobile operating system verifies the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and periodically thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline. If such a capability is not embedded in the operating system, then the device must integrate a DoD approved tool providing this functionality. Inspect the device to determine if an active system scanning integrity capability or tool is resident on the device. Validate the capability has been deemed acceptable for use within DoD. If the capability is not present or is inadequate, this is a finding.

Check Text ( C-41456r2_chk )

Review system documentation, operating system configuration, and other IA information resources to determine if the mobile operating system verifies the integrity of all operating system files, device drivers, and security enforcement mechanisms at startup and periodically thereafter using one or more DoD approved cryptographic mechanisms that compare attributes of the operating system configuration to a known good baseline. If such a capability is not embedded in the operating system, then the device must integrate a DoD approved tool providing this functionality. Inspect the device to determine if an active system scanning integrity capability or tool is resident on the device.

Validate the capability has been deemed acceptable for use within DoD. If the capability is not present or is inadequate, this is a finding.

Fix Text (F-37096r1_fix)
If the operating system does not have a native integrity checking capability, install a DoD approved system integrity scanning capability or tool.