UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MDM server audit records must be able to be used by a report generation capability.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36307 SRG-APP-114-MDM-260-SRV SV-47711r1_rule Low
Description
Due to the numerous functions a MDM server implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, more log data is collected. This can become very difficult to analyze manually; therefore, it is important to process them automatically, tailor the views of the data to only those events of interest based upon selectable criteria, and provide a report generation capability. Without the automation of log processing, based upon events of interest to security personnel, log files will not be viewed accurately and actions will not be taken when a significant event occurs on the system because it can be too overwhelming. Significant or meaningful events may be missed due to the sheer volume of data if logs are reviewed or generated manually. Reducing the auditing capability to only those events that are significant and providing a report generation capability, aids in supporting near real-time audit review and analysis requirements and after-the-fact investigations of security incidents. In order to identify and report on what (repetitive) data has been removed via the use of audit reduction, the MDM server implementation must provide a capability to generate reports containing what values were removed by the audit reduction. This capability within the MDM server implementation may utilize a component outside of the MDM server itself.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44548r1_chk )
Review the configuration settings to determine whether the MDM server audit records can be used by a report generation capability. Review MDM server documentation and audit records. If the MDM server audit records cannot be used by a report generation capability, this is a finding.
Fix Text (F-40838r1_fix)
Configure the MDM server audit records to be used by a report generation capability.