Google Android 11 must be configured to enable audit logging.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-228592	GOOG-11-005505	SV-228592r510289_rule		Medium

Description
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. To be useful, Administrators must have the ability to view the audit logs. SFR ID: FMT_SMF_EXT.1.1 #32

STIG	Date
Google Android 11 COBO Security Technical Implementation Guide	2020-09-18

Details

Check Text ( C-30827r505601_chk )
Review documentation on the Google Android device and inspect the configuration on the Google Android device to enable audit logging. This validation procedure is performed on only on the EMM Administration Console. On the EMM console, do the following: 1. Open "Device owner management" section. 2. Verify that "Enable security logging" is toggled to On. If the EMM console device policy is not set to enable audit logging, this is a finding.

Check Text ( C-30827r505601_chk )

Review documentation on the Google Android device and inspect the configuration on the Google Android device to enable audit logging.

This validation procedure is performed on only on the EMM Administration Console.

On the EMM console, do the following:
1. Open "Device owner management" section.
2. Verify that "Enable security logging" is toggled to On.

If the EMM console device policy is not set to enable audit logging, this is a finding.

Fix Text (F-30804r505602_fix)
Configure the Google Android 11 device to enable audit logging. On the EMM console: 1. Open "Device owner management" section. 2. Toggle "Enable security logging" to On.