Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must capture/record and log all content related to an administrator session.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36341 | SRG-APP-093-MDM-280-SRV | SV-47745r1_rule | High |
| Description |
|---|
| Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations. This allows all aspects of a session to be recreated. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44583r1_chk ) |
|---|
| Review the MDM server configuration to determine whether the MDM server provides the capability to capture/record and log all content related to an administrator session. Have an administrator log into the server and make several security relevant configuration changes and verify these were recorded in the audit log. If any of the security relevant changes does not appear in the log, this is a finding. |
| Fix Text (F-40873r1_fix) |
|---|
| Configure the MDM server to provide to capture/record and log all content related to an administrator session. |