Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36310 | SRG-APP-116-MDM-262-SRV | SV-47714r1_rule | | Low |
Description |
---|
Determining the correct time a particular event occurred within the MDM server architecture is critical when conducting forensic analysis and investigating system events. Without an approved and synchronized time source configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the MDM server. If an event has been triggered on the network and the MDM server is not configured with the correct time, an individual event may be seen as insignificant when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via timestamps, is critical when conducting forensic analysis and investigating system events. |
STIG | Date |
---|---|
Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Check Text (C-44551r1_chk) |
---|
If the MDM server uses configuration files for this capability, review the MDM server configuration files to determine whether the internal system clock is used for timestamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the audit log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps. If it is apparent that the MDM server does not use the internal system clock to generate timestamps, this is a finding. |
Fix Text (F-40841r1_fix) |
---|
Configure the MDM server to use internal system clocks to generate timestamps for audit records. |
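
The workaround in the Check Text (generate an audit entry, then immediately read the operating system time and compare), as an added Python example that is not part of the SRG or of any MDM product. The audit line layout, the marker string `clock-check-marker` and the 5-second tolerance are assumptions; the SRG only asks for "a reasonable match".

```python
from datetime import datetime, timedelta, timezone

# Constructed sample audit log. The record layout (ISO 8601 timestamp with UTC
# offset, then user, action, details) is an assumption for illustration.
SAMPLE_AUDIT_LOG = """\
2013-01-24T14:02:11+00:00 admin LOGIN_SUCCESS src=10.0.0.5
2013-01-24T14:05:37+00:00 admin POLICY_VIEW id=clock-check-marker
2013-01-24T14:05:40+00:00 system DEVICE_SYNC count=12
"""


def find_marker_time(log_text, marker):
    """Return the timestamp of the newest audit record that contains marker."""
    for line in reversed(log_text.splitlines()):
        if marker in line:
            stamp = datetime.fromisoformat(line.split(maxsplit=1)[0])
            if stamp.tzinfo is None:
                # A naive timestamp could hide a whole-hour time zone error.
                raise ValueError("audit timestamp carries no UTC offset")
            return stamp
    raise LookupError(f"no audit record contains {marker!r}")


def check_audit_clock(log_text, marker, os_now, tolerance=timedelta(seconds=5)):
    """Compare the marker record's timestamp with the OS time read right after
    the triggering action. Returns (is_finding, skew)."""
    audit_time = find_marker_time(log_text, marker)
    # Both values are timezone-aware, so differing offsets are normalised.
    skew = os_now - audit_time
    # A record stamped in the future is as suspect as one stamped too early.
    return abs(skew) > tolerance, skew


if __name__ == "__main__":
    # Constructed OS reading, two seconds after the marker action.
    os_now = datetime(2013, 1, 24, 14, 5, 39, tzinfo=timezone.utc)
    finding, skew = check_audit_clock(SAMPLE_AUDIT_LOG, "clock-check-marker", os_now)
    print("FINDING" if finding else "NOT A FINDING", f"(skew {skew})")
```

In a live check, pass `datetime.now(timezone.utc)` captured immediately after performing the marker action, and record the measured skew with the assessment evidence.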