The MDM server must include date and timestamps in each event recorded in audit logs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36275 | SRG-APP-096-MDM-243-SRV | SV-47679r1_rule | Low |
| Description |
|---|
| MDM server auditing capability is critical for accurate forensic analysis. The inclusion of timestamps better enables for correlation of events across disparate systems, which can be critical to isolating IA incidents and developing appropriate countermeasures. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44515r1_chk ) |
|---|
| On the MDM server, review the audit logs to determine whether the entries have timestamps with a resolution of at least one second (i.e., the entry shows the second it occurred). If any log entry does not have a timestamp with a resolution of at least one second, this is a finding. |
| Fix Text (F-40804r1_fix) |
|---|
| Modify the audit configuration to include timestamps for audit entries. |