UCF STIG Viewer Logo

The operating system must automatically audit account termination.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33252 SRG-OS-000241-NA SV-43670r1_rule Medium
Description
Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Rationale for non-applicability: For the purposes of this SRG, a mobile operating system is assumed to support a single human-accessible user account. Traditional auditing of account management functions is not required in this context.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41548r2_chk )
This requirement is NA for the Mobile OS SRG.
Fix Text (F-37182r1_fix)
The requirement is NA. No fix is required.