The mobile application must fail to an initial state when the application unexpectedly terminates, unless it maintains a secure state at all times.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35570	SRG-APP-000225-MAPP-00047	SV-46857r1_rule		Medium

Description
An application maintains a secure state when there is strong assurance that each of its state transitions is consistent with the application's security policy. For many mobile applications, the only state for which the state is known to be compliant is the initial state because it does not have a documented security policy regarding state transitions. An application could be compromised, providing an attack vector to the application and OS if initialization, shutdown, and aborts are not designed to keep the application in a secure state. If the application fails without closing or shutting down processes or open sessions; authentication and validation mechanisms are considered weak and do not provide sufficient protection against unauthorized access to the application and all stored data. In applying this control, the application can be secured to its initial level of security in the event the application crashes or terminates. This will mitigate the threat of an unauthorized user taking control of the device and accessing the application and stored data, compromising its integrity and confidentiality.

Description

An application maintains a secure state when there is strong assurance that each of its state transitions is consistent with the application's security policy. For many mobile applications, the only state for which the state is known to be compliant is the initial state because it does not have a documented security policy regarding state transitions. An application could be compromised, providing an attack vector to the application and OS if initialization, shutdown, and aborts are not designed to keep the application in a secure state. If the application fails without closing or shutting down processes or open sessions; authentication and validation mechanisms are considered weak and do not provide sufficient protection against unauthorized access to the application and all stored data. In applying this control, the application can be secured to its initial level of security in the event the application crashes or terminates. This will mitigate the threat of an unauthorized user taking control of the device and accessing the application and stored data, compromising its integrity and confidentiality.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43910r1_chk )
For applications that do not maintain a secure state at all times, perform a dynamic program analysis and perform transactions, so the application is in a state other than its initial state. Use OS controls to terminate the application or to create conditions that would force the application to terminate or crash. Restart the application and examine the application to determine if it is in its initial state. If it is not in its initial state, this is a finding.

Check Text ( C-43910r1_chk )

For applications that do not maintain a secure state at all times, perform a dynamic program analysis and perform transactions, so the application is in a state other than its initial state. Use OS controls to terminate the application or to create conditions that would force the application to terminate or crash. Restart the application and examine the application to determine if it is in its initial state. If it is not in its initial state, this is a finding.

Fix Text (F-40111r1_fix)
Modify the code and architecture to ensure the application returns to a secure, initial state upon unexpected termination.