Check: SRG-APP-000120-MAPP-NA
Mobile Application SRG:
SRG-APP-000120-MAPP-NA
(in version v1 r1)
Title
The application must protect audit information from unauthorized deletion. (Cat II impact)
Discussion
If audit data were to become compromised then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audit data the information system and/or the application must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods which will depend upon system architecture and design. Some commonly employed methods include: ensuring log files enjoy the proper file system permissions utilizing file system protections; restricting access and backing up log data to ensure log data is retained. Applications providing a user interface to audit data will leverage user permissions and roles identifying the user accessing the data and the corresponding rights the user enjoys in order make access decisions regarding the deletion of audit data. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Rationale for non-applicability: The mobile operating system is best positioned to protect audit information from unauthorized access. System logs can be protected by nondiscretionary access control. This protects the audit records even if the root account has been compromised. Mobile applications cannot provide this level of assurance for their own logs. It is preferred that they write records to local system logs to the extent that they include audit functionality at all.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46644r1_rule
Vulnerability ID: V-35357
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000164 |
The information system protects audit information from unauthorized deletion. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |