
The mobile operating system must log an audit event for each instance when a remote process uses MDM mechanisms for accessing the device security configuration settings.


Overview

Finding ID: V-33262
Version: SRG-OS-000251-MOS-000126
Rule ID: SV-43681r2_rule
IA Controls:
Severity: Medium
Description
Mobile device management (MDM) provides IA services to mobile devices, but it also represents a threat to those devices. If an adversary were able to take control of the MDM or masquerade as the MDM, then it could use that ability to relax IA controls and breach the mobile device. Logging MDM events makes it easier to trace mistaken or unauthorized MDM transactions.
STIG: Mobile Operating System Security Requirements Guide
Date: 2013-07-03

Details

Check Text (C-41559r1_chk)
Use the MDM to perform a temporary and relatively innocuous security configuration change on a small sample of devices. Verify the operating system logged this event. If there is not an audit entry for this event, this is a finding.
Fix Text (F-37192r1_fix)
Configure the operating system to log an audit event for each instance when a remote process uses MDM mechanisms for accessing the device security configuration settings.