UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must maintain reviewer/releaser identity and credentials within the established chain of custody for all information reviewed or released.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33203 SRG-OS-000210-NA SV-43603r1_rule Medium
Description
When it comes to data review and data release, there must be a correlation between the reviewed data and the person who performs the review. If the reviewer is a human or if the review function is automated but separate from the release/transfer function, the operating system associates the identity of the reviewer of the information to be released with the information and the information label. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. Therefore, the chain of custody is not relevant to activities on the device itself. Chain of custody is critical to the handling of audit records in the context of the enterprise audit logging system. The Mobile Device Management SRG addresses enterprise logging requirements.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41466r1_chk )
This requirement is NA for the Mobile OS SRG.
Fix Text (F-37106r1_fix)
The requirement is NA. No fix is required.