The MDM server must include the software component (e.g., administration module, mobile device security policy module, etc.) that generated each event recorded in audit logs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36276 | SRG-APP-097-MDM-244-SRV | SV-47680r1_rule | Low |
| Description |
|---|
| MDM server auditing capability is critical for accurate forensic analysis. The inclusion of software component that generated each event in the audit logs enables system administrators and IA personnel to identify the source of problems and incidents. Without this data, the component information may not be known. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44516r1_chk ) |
|---|
| On the MDM server, review the audit logs to determine whether the entries include the software component that generated the event. If an entry does not provide information regarding the source of the event, this is a finding. |
| Fix Text (F-40806r1_fix) |
|---|
| Modify the audit configuration to include the software component that generated the event for each entry in the audit logs. |