Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36302 | SRG-APP-110-MDM-257-SRV | SV-47706r1_rule | | Low |
Description |
---|
Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom in order to compile an accurate collection of data for troubleshooting, forensics, etc. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or simply identify an improperly configured network element. In order to determine what is happening within the network infrastructure or to resolve and trace an attack, it is imperative to correlate the log data from multiple network elements to acquire a clear understanding as to what happened or is happening. Collecting log data and presenting that data in a single, consolidated view achieves this objective. |
STIG | Date |
---|---|
Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Check Text (C-44543r1_chk) |
---|
Review the configuration settings to determine whether the MDM server audit system supports the integration of audit review, analysis, and reporting processes by an organization's central audit management system to support organizational processes for investigation and response to suspicious activities. Review MDM server documentation and have the system administrator demonstrate the capability on the MDM server to transfer audit logs to a central audit system. If audit log information is not being transferred to a central audit management system, this is a finding. |
Fix Text (F-40833r1_fix) |
---|
Configure the MDM server to provide audit log information to a central audit management system. |