Check: SRG-APP-000079-MAPP-NA
Mobile Application SRG:
SRG-APP-000079-MAPP-NA
(in version v1 r1)
Title
Applications must notify users of organization-defined security-related changes to the user's account occurring during the organization-defined time period. (Cat II impact)
Discussion
Some organizations may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of normal business hours as a security-related event requiring that the application user be notified. In those instances where organizations define such events, the application must notify the affected user or users.

Rationale for non-applicability: An assumption of this SRG is that a single user will be operating the mobile device, eliminating the need for OS and application account management and for notifying users regarding changes to account security. To the extent that the local application connects to a remote multi-user application, the remote application can notify the user of security changes through a variety of mechanisms outside the scope of the local application.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46557r1_rule
Vulnerability ID: V-35270
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001395 | Notify the user, upon successful logon, of changes to organization-defined security-related characteristics/parameters of the user's account during the organization-defined time-period. |
Controls
Number | Title |
---|---|
AC-9(3) | Notification of Account Changes |