The MDM server must record an event in audit log each time the server makes a security relevant configuration change on a managed mobile device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36325	SRG-APP-130-MDM-272-SRV	SV-47729r1_rule		Medium

Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Security-relevant configuration changes, if not authorized, are a breach of system security and might indicate a broader attack is occurring. Recording security-relevant changes in the audit logs mitigates the risk that unauthorized changes will go undetected.

Description

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Security-relevant configuration changes, if not authorized, are a breach of system security and might indicate a broader attack is occurring. Recording security-relevant changes in the audit logs mitigates the risk that unauthorized changes will go undetected.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44566r1_chk )
Inspect the audit logs to determine whether security relevant configuration changes are being recorded. Make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes do not appear in the log, this is a finding.

Fix Text (F-40856r1_fix)
Configure the MDM server to record an event in the device audit log each time there is a security relevant configuration change.