The UEM Agent must record within each UEM Agent audit record the following information: -date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-234238	SRG-APP-000097-UEM-100005	SV-234238r617417_rule		Medium

Description
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. For audit logs to be useful, administrators must have the ability to view them. Satisfies: FAU_GEN.1.2(2) Refinement

STIG	Date
Unified Endpoint Management Agent Security Requirements Guide	2020-12-14

Details

Check Text ( C-37423r617417_chk )
Verify the UEM Agent records within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event. If the UEM Agent does not record within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event this is a finding.

Check Text ( C-37423r617417_chk )

Verify the UEM Agent records within each UEM Agent audit record the following information:
-Date and time of the event
-type of event
-subject identity
-(if relevant) the outcome (success or failure) of the event.

If the UEM Agent does not record within each UEM Agent audit record the following information:
-Date and time of the event
-type of event
-subject identity
-(if relevant) the outcome (success or failure) of the event
this is a finding.

Fix Text (F-37388r612021_fix)
Configure the UEM Agent to record within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event.