Applications must support the organizational requirement to automatically monitor on atypical usage of accounts.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35155	SRG-APP-000030-MAPP-NA	SV-46442r1_rule		Medium

Description
Atypical account usage is behavior that is not part of normal usage cycles. For example, user account activity occurring after hours or on weekends. A comprehensive account management process will ensure that an audit trail which documents the use of application user accounts and as required, notifies administrators and/or application owners exists. Such a process greatly reduces the risk that compromised user accounts will continue to be used by unauthorized persons and provides logging that can be used for forensic purposes. Rationale for non-applicability: This SRG applies to single-user applications. Single-user applications do not require user account management.

Description

Atypical account usage is behavior that is not part of normal usage cycles. For example, user account activity occurring after hours or on weekends. A comprehensive account management process will ensure that an audit trail which documents the use of application user accounts and as required, notifies administrators and/or application owners exists. Such a process greatly reduces the risk that compromised user accounts will continue to be used by unauthorized persons and provides logging that can be used for forensic purposes. Rationale for non-applicability: This SRG applies to single-user applications. Single-user applications do not require user account management.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43539r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-39704r1_fix)
The requirement is NA. No fix is required.