Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36294 | SRG-APP-109-MDM-254-SRV | SV-47698r1_rule | | Low |
Description |
---|
It is critical that when a system is at risk of failing to process audit logs as required, it detects and takes action to mitigate the failure. Overwriting the oldest audit log entries is the safest course of action in the context of the limited resources available on a mobile device that may not have network connectivity. |
STIG | Date |
---|---|
Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Check Text (C-44535r1_chk) |
---|
Review the configuration settings to determine whether the audit system is configured to overwrite the oldest audit log entries when audit logs reach capacity. If this capability is not apparent from the configuration files or vendor documentation, then take actions to fill the audit logs and verify the oldest entries are overwritten when the log is full. If the oldest entries are not overwritten, this is a finding. |
Fix Text (F-40825r1_fix) |
---|
Configure the MDM server to overwrite the oldest audit log entries when audit logs reach capacity. |