The MDM server must protect audit information from unauthorized read access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36313 | SRG-APP-118-MDM-264-SRV | SV-47717r1_rule | Low |
| Description |
|---|
| Audit data is considered sensitive, and is intended to be read by the System Administrator only. Allowing non-administrators access to this data could expose vulnerabilities in the system. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44554r1_chk ) |
|---|
| Review the configuration settings to determine whether the MDM server audit feature protects audit information from unauthorized read access. If the MDM server does not protect audit information from unauthorized read access, this is a finding. |
| Fix Text (F-40844r1_fix) |
|---|
| Configure the MDM server to protect audit information from unauthorized read access. |