The MDM server must record an event in the device audit log each time the server is started.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36323 | SRG-APP-130-MDM-271-SRV | SV-47727r1_rule | Low |
| Description |
|---|
| Some MDM server system features, including security enforcement, may only be modified when the MDM server applications not running. Logging startup events provides valuable information on system problems and potential MDM server integrity issues. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44565r1_chk ) |
|---|
| Inspect the audit logs to determine whether startup events are being recorded. Restart the MDM server and check that this occurrence was recorded in the audit log. If a startup event does not appear in the log, this is a finding. |
| Fix Text (F-40855r1_fix) |
|---|
| Configure the MDM server to record an event in the device audit log each time the device operating system is started. |