The application must produce audit records containing sufficient information to establish the sources of the events.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35289	SRG-APP-000098-MAPP-NA	SV-46576r1_rule		Medium

Description
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes but is not limited to: time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, filenames involved, access control or flow control rules invoked. Without information establishing the source of activity, the value of audit records from a forensics perspective is questionable. Rationale for non-applicability: The MOS SRG contains a requirement for logging application startup and a number of other security critical events. No further audit logging must be coded into each application running on the MOS but application developers may do so for application-specific concerns.

Description

Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes but is not limited to: time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, filenames involved, access control or flow control rules invoked. Without information establishing the source of activity, the value of audit records from a forensics perspective is questionable. Rationale for non-applicability: The MOS SRG contains a requirement for logging application startup and a number of other security critical events. No further audit logging must be coded into each application running on the MOS but application developers may do so for application-specific concerns.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43658r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-39835r1_fix)
The requirement is NA. No fix is required.