UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The AirWatch MDM Server must record an event in the audit log each time the server makes a security relevant configuration change on a managed mobile device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48041 ARWA-02-000079 SV-60913r1_rule Medium
Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Security-relevant configuration changes, if not authorized, are a breach of system security and might indicate a broader attack is occurring. Recording security-relevant changes in the audit logs mitigates the risk that unauthorized changes will go undetected.
STIG Date
AirWatch MDM STIG 2015-11-30

Details

Check Text ( C-50477r1_chk )
Inspect the audit logs to ensure security relevant configuration changes are being recorded. Make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes do not appear in the log, this is a finding.

To access event log: From the administration console, (1) click the "Menu" button on top of the tool bar, and (2) click "Events" under "Reports and Analytics" heading. From the "Events" menu, (3) click the "Device Events" button. (4) Filter events by clicking on the "Date Range," "Severity," "Category," or "Module" drop-down menus and define parameters, or use the search box located to the right of the drop-down filters to search the event logs.
Fix Text (F-51653r1_fix)
Configure the AirWatch MDM Server to record an event in the device audit log each time there is a security relevant configuration change.

To access the Device event log: From the administration console, (1) click the "Menu" button on top of the tool bar, and (2) click "Events" under "Reports and Analytics" heading. From the "Events" menu, (3) click the "Device Events" button. (4) Filter events by clicking on the "Date Range," "Severity," "Category," or "Module" drop-down menus and define parameters, or use the search box located to the right of the drop-down filters to search the event logs.