UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows 10 Mobile must generate audit records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-70115 MSWM-10-203003 SV-84737r1_rule Low
Description
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks, so that breaches can either be prevented or limited in their scope. They facilitate analysis to improve performance and security. Auditable events include: 1. Start-up and shutdown of the audit functions; 2. All administrative actions; 3. Start-up and shutdown of the OS and kernel; 4. Insertion or removal of removable media; 5. Establishment of a synchronizing connection; 6. Specifically defined auditable events in Table 10 of MDF PP v.2.0. SFR ID: FAU_GEN.1.1
STIG Date
Microsoft Windows 10 Mobile Security Technical Implementation Guide 2017-09-11

Details

Check Text ( C-70591r1_chk )
Review Windows 10 Mobile configuration settings to determine if auditing is configured to generate audit records.

This validation procedure is performed only on the MDM administration console.

On the MDM administration console:

1. Ask the MDM administrator to verify the Security Auditing policy.
2. Find the setting for enabling auditing using the "Security Auditing".
3. Verify that setting configuration is turned on.

If the MDM does not have a compliance policy that enables "Security Auditing", this is a finding.
Fix Text (F-76351r1_fix)
Configure the MDM system to require the "Security Auditing" policy to be enabled for Windows 10 Mobile devices.

Deploy the MDM policy on managed devices.