The MDM server must send alerts to the administrator or organizations central audit management system when the audit log size reaches an organization defined critical percentage of capacity and full capacity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36290 | SRG-APP-071-MDM-252-SRV | SV-47694r1_rule | Low |
| Description |
|---|
| MDM server auditing capability is critical for accurate forensic analysis. Alerting administrators when audit log size thresholds are exceeded helps ensure the administrators can respond to heavy activity in a timely manner. Failure to alert increases the probability that an adversary’s actions will go undetected. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44530r1_chk ) |
|---|
| Verify the MDM server sends alerts to the administrator or organization's central audit management system when the audit log size reaches an organization defined critical percentage of capacity. Review audit logs and MDM server configuration. If designated alerts are not sent, this is a finding. |
| Fix Text (F-40820r1_fix) |
|---|
| Configure the MDM server audit feature to alert the administrator or organization's central audit management system when the audit log size reaches an organization defined critical percentage of capacity and full capacity. |