Check: SRG-APP-000226-MAPP-00048
Mobile Application SRG: SRG-APP-000226-MAPP-00048 (in version v1 r1)
Title
The mobile application must preserve organization-defined system state information in the event of an application failure. (Cat III impact)
Discussion
Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving information system state information helps to facilitate system restart and return to the operational mode of the organization with less disruption of mission/business processes.
Check Content
If the application fails to an initial state, then it is not required to preserve any state information. Otherwise, perform a static program analysis to determine if the code supports the preservation of state information at all times. If the code does not support the preservation of state information at all times, this is a finding.
Fix Text
Modify the code so that state information is preserved in the event of an application failure.
Additional Identifiers
Rule ID: SV-46860r1_rule
Vulnerability ID: V-35573
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001665 | Preserve organization-defined system state information in the event of a system failure. |
Controls
Number | Title |
---|---|
SC-24 | Fail in Known State |