The application must employ automated mechanisms to alert security personnel of inappropriate or unusual activities with security implications.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35597	SRG-APP-000237-MAPP-NA	SV-46884r1_rule		Medium

Description
Applications will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within the application. This information can then be used for diagnostic purposes, forensics purposes or other purposes relevant to ensuring the availability and integrity of the application. While it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner so they are able to respond to events as they occur. Solutions that include a manual notification procedure do not offer the reliability and speed of an automated notification solution. Applications must employ automated mechanisms to alert security personnel of inappropriate or unusual activities that have security implications. If this capability is not built directly into the application, the application must be able to integrate with existing security infrastructure that provides this capability. Rationale for non-applicability: Mobile applications should leverage the audit and alert functionality of the operating system and MDM. Stove-piped alert systems for particular mobile applications are likely to inhibit rather than facilitate proper incident response. If the mobile application connects to a remote enterprise resource, the enterprise application managing access to that resource would implement an appropriate alert mechanism.

Description

Applications will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within the application. This information can then be used for diagnostic purposes, forensics purposes or other purposes relevant to ensuring the availability and integrity of the application. While it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner so they are able to respond to events as they occur. Solutions that include a manual notification procedure do not offer the reliability and speed of an automated notification solution. Applications must employ automated mechanisms to alert security personnel of inappropriate or unusual activities that have security implications. If this capability is not built directly into the application, the application must be able to integrate with existing security infrastructure that provides this capability. Rationale for non-applicability: Mobile applications should leverage the audit and alert functionality of the operating system and MDM. Stove-piped alert systems for particular mobile applications are likely to inhibit rather than facilitate proper incident response. If the mobile application connects to a remote enterprise resource, the enterprise application managing access to that resource would implement an appropriate alert mechanism.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43940r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40138r1_fix)
The requirement is NA. No fix is required.