The application must provide the capability to compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within organization-defined level of tolerance.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35277	SRG-APP-000086-MAPP-NA	SV-46564r1_rule		Medium

Description
Audit generation and audit records can be generated from various components within the information system. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). The events occurring must be time-correlated on order to conduct accurate forensic analysis. In addition, the correlation must meet a certain tolerance criteria. For instance, the organization may define that the time stamps of different audited events must not differ by any amount greater than ten seconds. Rationale for non-applicability: To the extent that a mobile application has auditing functionality, it would be expected to send audit events to the appropriate system log, which will then be transferred to an MDM server or centralized audit system. A centralized audit system is significantly more likely to provide the required time-correlated audit trail than audit capabilities developed for specific mobile applications.

Description

Audit generation and audit records can be generated from various components within the information system. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). The events occurring must be time-correlated on order to conduct accurate forensic analysis. In addition, the correlation must meet a certain tolerance criteria. For instance, the organization may define that the time stamps of different audited events must not differ by any amount greater than ten seconds. Rationale for non-applicability: To the extent that a mobile application has auditing functionality, it would be expected to send audit events to the appropriate system log, which will then be transferred to an MDM server or centralized audit system. A centralized audit system is significantly more likely to provide the required time-correlated audit trail than audit capabilities developed for specific mobile applications.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43646r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-39823r1_fix)
The requirement is NA. No fix is required.