
The mobile application must alert the MOS or MDM upon each instance of an application component failure


Overview

Finding ID: V-35702
Version: SRG-APP-000268-MAPP-00061
Rule ID: SV-46989r1_rule
IA Controls:
Severity: Low
Description
An application that suffers a component failure leaves the application, the device, and stored data exposed to potential malicious activity. One component that may fail, yet leave the application operational, is a security module that provides encryption of all data at rest or in transit. Similarly, a module that labels data with the appropriate classification attribute could also fail, yet allow the application to continue to function. In these instances, with components that have failed, the application can no longer protect itself to the same level of security as when it is fully operational. Alerts sent to the MOS provide information that can be used to initiate a fix or invoke incident response procedures.
STIG Date
Mobile Application Security Requirements Guide 2013-01-04

Details

Check Text (C-44045r1_chk)
Perform a static program analysis to assess if the application sends an alert to either the MOS or MDM upon the failure of an application component. This alert may consist of an entry in the MOS logs. Moreover, it is acceptable to alert the MDM via the OS logs, if the MDM is configured to obtain the logs on a periodic basis. The testing must force a condition where each component that forms the application is purposely failed. If the application does not alert the MOS of a component failure, this is a finding.
Fix Text (F-40245r1_fix)
Modify code to alert the MOS when an application component fails.
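
The check and fix above, sketched as an added example that is not part of the SRG: every component call goes through one guard that writes an alert on failure, and a small audit forces each component to fail in turn and lists the ones that produced no alert. Assumptions: a Python logging handler stands in for the MOS log, and all class, function and component names are hypothetical.

```python
import logging

class MosLogSink(logging.Handler):
    """Constructed stand-in for the MOS log; on a device this is the OS log facility."""
    def __init__(self):
        super().__init__()
        self.alerts = []
    def emit(self, record):
        self.alerts.append(record.getMessage())

class ComponentFailure(Exception):
    """Raised to the caller after the failure has been reported."""

class GuardedApp:
    """Routes every component call through one place that alerts on failure."""
    def __init__(self, components, sink):
        self.components = components            # name -> callable
        self.log = logging.Logger("component-health")
        self.log.addHandler(sink)
    def call(self, name, *args):
        try:
            return self.components[name](*args)
        except Exception as exc:
            # Alert before anything else, then stop instead of running unprotected.
            self.log.error("COMPONENT_FAILURE component=%s error=%s",
                           name, type(exc).__name__)
            raise ComponentFailure(name) from exc

class SilentApp(GuardedApp):
    """Non-compliant variant: swallows the failure and keeps running."""
    def call(self, name, *args):
        try:
            return self.components[name](*args)
        except Exception:
            return None

def injected_fault(*_args):
    raise RuntimeError("injected fault")

def audit_failure_alerts(app_cls, components):
    """Fail each component in turn; return the names whose failure raised no alert."""
    findings = []
    for name in components:
        sink = MosLogSink()
        app = app_cls({**components, name: injected_fault}, sink)
        try:
            app.call(name, b"sample")
        except ComponentFailure:
            pass
        if not any(f"component={name} " in a for a in sink.alerts):
            findings.append(name)
    return findings

# Hypothetical component names, taken from the two examples in the Description.
COMPONENTS = {"encryption": lambda d: d[::-1], "labeling": lambda d: b"U//" + d}
```

An empty list from `audit_failure_alerts` means every forced failure produced an alert; any name it returns is a component whose failure went unreported, which the check text treats as a finding.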