The mobile operating system must use automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials in accordance with the organization defined frequency.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33243 | SRG-OS-000232-MOS-000123 | SV-43661r1_rule | Low |
| Description |
|---|
| Unauthorized software poses a risk to the device because it could potentially perform malicious functions, including but not limited to gathering sensitive information, searching for other system vulnerabilities, or modifying log entries. A mechanism to detect unauthorized software and notify officials of its presence assists in the task of removing such software to eliminate the risks it poses to the device and the networks to which the device attaches. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41539r1_chk ) |
|---|
| Review system documentation and operating system configuration to determine whether and how the operating system detects and reports the presence of unauthorized software. If feasible, install a test application that is authorized for such purpose, but which the system does not recognize as authorized. Verify the operating system detects the test application and reports it. If the operating system either fails to detect an authorized application or fails to report this (or both), this is a finding. |
| Fix Text (F-37173r1_fix) |
|---|
| Configure the operating system to detect the presence of unauthorized applications and report this information to designated organizational officials. |