The MDM server must capture/record and log all content related to an administrator session.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36341	SRG-APP-093-MDM-280-SRV	SV-47745r1_rule		High

Description
Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations. This allows all aspects of a session to be recreated.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44583r1_chk )
Review the MDM server configuration to determine whether the MDM server provides the capability to capture/record and log all content related to an administrator session. Have an administrator log into the server and make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes does not appear in the log, this is a finding.

Check Text ( C-44583r1_chk )

Review the MDM server configuration to determine whether the MDM server provides the capability to capture/record and log all content related to an administrator session. Have an administrator log into the server and make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes does not appear in the log, this is a finding.

Fix Text (F-40873r1_fix)
Configure the MDM server to provide to capture/record and log all content related to an administrator session.