Check: SRG-APP-000268-MAPP-00061
Mobile Application SRG: SRG-APP-000268-MAPP-00061 (in version v1 r1)
Title
The mobile application must alert the MOS or MDM upon each instance of an application component failure (Cat III impact)
Discussion
An application that suffers a component failure leaves the application, the device, and stored data exposed to potential malicious activity. One component that may fail, yet leave the application operational, is a security module that provides encryption of all data at rest or in transit. Similarly, a module that labels data with the appropriate classification attribute could also fail, yet allow the application to continue to function. In these instances, the application can no longer protect itself to the same level of security as when it is fully operational. Alerts sent to the MOS provide information that can be used to initiate a fix or invoke incident response procedures.
Check Content
Perform a static program analysis to assess if the application sends an alert to either the MOS or MDM upon the failure of an application component. This alert may consist of an entry in the MOS logs. Moreover, it is acceptable to alert the MDM via the OS logs, if the MDM is configured to obtain the logs on a periodic basis. The testing must force a condition where each component that forms the application is purposely failed. If the application does not alert the MOS of a component failure, this is a finding.
Fix Text
Modify code to alert the MOS when an application component fails.
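An added illustration of the check and fix above (not code from the SRG): each component writes a failure alert to a logger that stands in for the MOS log, and a harness forces every component to fail in turn and reports those that raised no alert as findings. The logger name, class names, log format and the deliberately silent component are assumptions constructed for this example.

```python
import logging

# Assumption: this logger stands in for the MOS log (e.g. the OS log an MDM collects).
mos_log = logging.getLogger("mos")
mos_log.propagate = False


class Capture(logging.Handler):
    """In-memory sink so the check can read what reached the MOS log."""
    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(record)


class Component:
    """Hypothetical application component with a fault-injection switch."""
    def __init__(self, name, alerts=True):
        self.name, self.alerts, self.force_failure = name, alerts, False

    def run(self, data):
        try:
            if self.force_failure:
                raise RuntimeError("injected fault")
            return data
        except RuntimeError as exc:
            if self.alerts:  # the fix: alert the MOS on every failure
                mos_log.error("component_failure name=%s reason=%s", self.name, exc)
            return None  # the application keeps running without this component


def audit(components):
    """Force each component to fail in turn; return those that raised no alert."""
    findings = []
    for comp in components:
        sink = Capture()
        mos_log.addHandler(sink)
        comp.force_failure = True
        try:
            comp.run(b"constructed sample input")
        finally:
            comp.force_failure = False
            mos_log.removeHandler(sink)
        if not any(f"name={comp.name} " in r.getMessage() for r in sink.records):
            findings.append(comp.name)
    return findings


if __name__ == "__main__":
    # Constructed components: the labeler swallows its failure silently.
    print(audit([Component("encryption"), Component("labeler", alerts=False)]))
```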
Additional Identifiers
Rule ID: SV-46989r1_rule
Vulnerability ID: V-35702
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001328 | If system component failures are detected, activate an organization-defined alarm, automatically shut down the system, and/or organization-defined action. |
Controls
Number | Title |
---|---|
SI-13(4) | Standby Component Installation / Notification |