UCF STIG Viewer Logo

The MaaS360 MDM server must be configured to transfer MaaS360 MDM server logs to another server for storage, analysis, and reporting. Note: MaaS360 MDM server logs include logs of MDM events and logs transferred to the MaaS360 MDM server by MDM agents of managed devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-82153 M360-10-006300 SV-96867r1_rule Medium
Description
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. Since the MaaS360 MDM server has limited capability to store mobile device log files and perform analysis and reporting of mobile device log files, the MaaS360 MDM server must have the capability to transfer log files to an audit log management server. SFR ID: FMT_SMF.1.1(2) b FAU_STG_EXT.1.1(1)
STIG Date
IBM MaaS360 with Watson v10.x MDM Security Technical Implementation Guide 2018-11-14

Details

Check Text ( C-81955r1_chk )
Verify the site has set up access to web services to extract server logs.

If the site has not set up access to server logs so the logs can be stored on another server for analysis and reporting, this is a finding.
Fix Text (F-89007r1_fix)
The site system administrator must communicate with IBM to get access to web services to extract server logs.