The MDM server must send alerts to the administrator or organizations central audit management system when the audit log size reaches an organization defined critical percentage of capacity and full capacity.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MDM server must send alerts to the administrator or organizations central audit management system when the audit log size reaches an organization defined critical percentage of capacity and full capacity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36290	SRG-APP-071-MDM-252-SRV	SV-47694r1_rule		Low

Description
MDM server auditing capability is critical for accurate forensic analysis. Alerting administrators when audit log size thresholds are exceeded helps ensure the administrators can respond to heavy activity in a timely manner. Failure to alert increases the probability that an adversary’s actions will go undetected.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44530r1_chk )
Verify the MDM server sends alerts to the administrator or organization's central audit management system when the audit log size reaches an organization defined critical percentage of capacity. Review audit logs and MDM server configuration. If designated alerts are not sent, this is a finding.

Fix Text (F-40820r1_fix)
Configure the MDM server audit feature to alert the administrator or organization's central audit management system when the audit log size reaches an organization defined critical percentage of capacity and full capacity.