UCF STIG Viewer Logo

The MDM server must allow designated administrators to select which auditable events are to be audited by the server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36319 SRG-APP-090-MDM-268-SRV SV-47723r1_rule Low
Description
The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). Allowing an administrator to choose the events allows for better coverage of logs for specific activities of interest at a specific time.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44559r1_chk )
Review MDM server documentation and configuration settings to determine whether the MDM server audit feature allows designated administrators to select which auditable events are to be audited by the server. Required events include system startup and shutdown, successful and unsuccessful device unlock attempts, program execution, and integrity validation failures. Verify a reasonable subset of these events is captured in practice by examining the audit logs. If the MDM server does allow designated administrators to select which auditable events are to be audited by the server, this is a finding.
Fix Text (F-40850r1_fix)
Configure the MDM server to allow designated administrators to select which auditable events are to be audited by the server.