
The mobile application must preserve organization-defined system state information in the event of an application failure.


Overview

Finding ID: V-35573
Version: SRG-APP-000226-MAPP-00048
Rule ID: SV-46860r1_rule
IA Controls: (none listed)
Severity: Low
Description
Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving information system state information helps to facilitate system restart and return to the operational mode of the organization with less disruption of mission/business processes.
STIG Date
Mobile Application Security Requirements Guide 2013-01-04

Details

Check Text (C-43913r1_chk)
If the application fails to an initial state, then it is not required to preserve any state information. Otherwise, perform a static program analysis to determine if the code supports the preservation of state information at all times. If the code does not support the preservation of state information at all times, this is a finding.
Fix Text (F-40114r1_fix)
Modify the code so that state information is preserved in the event of an application failure.