The MDM server must allocate sufficient audit record storage capacity for 7 days of operation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36289 | SRG-APP-072-MDM-251-SRV | SV-47693r1_rule | Medium |
| Description |
|---|
| Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. If auditing is not comprehensive and managed effectively, including adequate capacity, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44529r1_chk ) |
|---|
| On the MDM server, review the audit logs to verify 7 days of audit logs can be stored on the server. If the reserved storage for the audit records is less than 7 days, this is a finding. |
| Fix Text (F-40819r1_fix) |
|---|
| Allocate additional operating system audit log storage capacity for 7 days of operation. |