UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MDM server must use internal system clocks to generate timestamps for audit records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36310 SRG-APP-116-MDM-262-SRV SV-47714r1_rule Low
Description
Determining the correct time a particular event occurred within the MDM server architecture is critical when conducting forensic analysis and investigating system events. Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the MDM server. If an event has been triggered on the network, and the MDM server is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via timestamps, is critical when conducting forensic analysis and investigating system events.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44551r1_chk )
If the MDM server uses configuration files for this capability, review the MDM server configuration files to determine whether the internal system clock is used for timestamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the audit log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps. If it is apparent that the MDM server does not use the internal system clock to generate timestamps, this is a finding.
Fix Text (F-40841r1_fix)
Configure the MDM server to use internal system clocks to generate timestamps for audit records.