The operating system must initiate security auditing at system start-up.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33265 | SRG-OS-000254-MOS-000127 | SV-43684r1_rule | High |
| Description |
|---|
| The audit capability is most effective if it is running at all times. Otherwise there may be time gaps in the audit logs in which an adversary can hide malicious behavior. Initiating security auditing at system start-up mitigates the risk that there will be time periods in which auditing is not active. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41562r1_chk ) |
|---|
| Verify the mobile operating system configuration initiates auditing at system startup. Access to the audit logs may only be possible through mobile device management services. If security auditing is not operational after system start-up, this is a finding. |
| Fix Text (F-37195r1_fix) |
|---|
| Configure the operating system to initiate security auditing at system start-up. |