Applications must include organization defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36401	SRG-APP-101-NA	SV-47805r1_rule		Medium

Description
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes: timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Rationale for non-applicability: This vulnerability is better addressed by another CCI. CCI-000130 covers audit records to a sufficient degree for the MDM server.

Description

Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes: timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Rationale for non-applicability: This vulnerability is better addressed by another CCI. CCI-000130 covers audit records to a sufficient degree for the MDM server.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44643r1_chk )
This requirement is NA for the MDM server SRG.

Fix Text (F-40933r1_fix)
The requirement is NA. No fix is required.