The MDM server must produce audit records containing sufficient information to establish the sources of the events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36278 | SRG-APP-098-MDM-245-SRV | SV-47682r1_rule | Low |
| Description |
|---|
| MDM server auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, for example, timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, IP addresses, and access control or flow control rules invoked. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44518r1_chk ) |
|---|
| On the MDM server, review the audit logs to determine whether the entries include sufficient information to establish the sources of the events. If an entry does not provide information to establish the sources of events, this is a finding. |
| Fix Text (F-40808r1_fix) |
|---|
| Modify the audit configuration to include sufficient information to establish the sources of the events. |