UCF STIG Viewer Logo

The MDM server must generate audit records for the DoD-required auditable events.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36320 SRG-APP-091-MDM-269-SRV SV-47724r1_rule Low
Description
The DoD-required auditable events are events that assist in intrusion detection and forensic analysis. Failure to capture them increases the likelihood that an adversary can breach the system without detection.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44561r1_chk )
Review product documentation and the system configuration to determine whether the DoD-required auditable events are recorded. Required events include system startup and shutdown, successful and unsuccessful device unlock attempts, program execution, and integrity validation failures. Verify a reasonable subset of these events is captured in practice by examining the audit logs. If the audit logs do not include DoD-required auditable events, this is a finding.
Fix Text (F-40851r1_fix)
Configure the MDM server to generate audit records for the DoD-required auditable events.