Applications must notify users of organization-defined security-related changes to the users account occurring during the organization-defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35270 | SRG-APP-000079-MAPP-NA | SV-46557r1_rule | Medium |
| Description |
|---|
| Some organizations may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of normal business hours as a security related event requiring that the application user be notified. In those instances, where organizations define such events, the application must notify the affected user or users. Rationale for non-applicability: An assumption of this SRG is that a single user will be operating the mobile device, eliminating the need for OS and application account management and for notifying users regarding changes to account security. To the extent that the local application connects to a remote multi-user application, the remote application can notify the user of security changes through a variety of mechanisms outside the scope of the local application. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2013-01-04 |
Details
| Check Text ( C-43639r1_chk ) |
|---|
| This requirement is NA for the MAPP SRG. |
| Fix Text (F-39816r1_fix) |
|---|
| The requirement is NA. No fix is required. |