The operating system must automatically audit account modification.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33250	SRG-OS-000239-NA	SV-43668r1_rule		Medium

Description
Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. Traditional auditing of account management functions is not required in this context.

Description

Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. Traditional auditing of account management functions is not required in this context.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41546r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37180r1_fix)
The requirement is NA. No fix is required.