Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36319 | SRG-APP-090-MDM-268-SRV | SV-47723r1_rule | Low |
Description |
---|
The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). Allowing an administrator to choose the events allows for better coverage of logs for specific activities of interest at a specific time. |
STIG | Date |
---|---|
Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Check Text ( C-44559r1_chk ) |
---|
Review MDM server documentation and configuration settings to determine whether the MDM server audit feature allows designated administrators to select which auditable events are to be audited by the server. Required events include system startup and shutdown, successful and unsuccessful device unlock attempts, program execution, and integrity validation failures. Verify a reasonable subset of these events is captured in practice by examining the audit logs. If the MDM server does allow designated administrators to select which auditable events are to be audited by the server, this is a finding. |
Fix Text (F-40850r1_fix) |
---|
Configure the MDM server to allow designated administrators to select which auditable events are to be audited by the server. |