The MDM server must initiate session auditing upon start up.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36342 | SRG-APP-092-MDM-281-SRV | SV-47746r1_rule | High |
| Description |
|---|
| Without session-level auditing, IA and IT professionals do not have the complete picture, in detail, of what is transpiring on their systems. Without the session-level auditing capability, it is difficult to determine when a specific action was taken on the system and perform forensic analysis if there is an attack, or troubleshoot a problem. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44585r1_chk ) |
|---|
| Shut down and then restart the MDM server. Immediately after the boot process is complete, verify auditing has been initiated. If session auditing is not operational after system startup, this is a finding. |
| Fix Text (F-40875r1_fix) |
|---|
| Configure the MDM server to initiate session auditing at system startup. |