Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-48041 | ARWA-02-000079 | SV-60913r1_rule | Medium |
Description |
---|
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Security-relevant configuration changes, if not authorized, are a breach of system security and might indicate a broader attack is occurring. Recording security-relevant changes in the audit logs mitigates the risk that unauthorized changes will go undetected. |
STIG | Date |
---|---|
AirWatch MDM STIG | 2014-08-08 |
Check Text ( C-50477r1_chk ) |
---|
Inspect the audit logs to ensure security relevant configuration changes are being recorded. Make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes do not appear in the log, this is a finding. To access event log: From the administration console, (1) click the "Menu" button on top of the tool bar, and (2) click "Events" under "Reports and Analytics" heading. From the "Events" menu, (3) click the "Device Events" button. (4) Filter events by clicking on the "Date Range," "Severity," "Category," or "Module" drop-down menus and define parameters, or use the search box located to the right of the drop-down filters to search the event logs. |
Fix Text (F-51653r1_fix) |
---|
Configure the AirWatch MDM Server to record an event in the device audit log each time there is a security relevant configuration change. To access the Device event log: From the administration console, (1) click the "Menu" button on top of the tool bar, and (2) click "Events" under "Reports and Analytics" heading. From the "Events" menu, (3) click the "Device Events" button. (4) Filter events by clicking on the "Date Range," "Severity," "Category," or "Module" drop-down menus and define parameters, or use the search box located to the right of the drop-down filters to search the event logs. |