Check: ARWA-02-000258
AirWatch MDM STIG: ARWA-02-000258 (in version v1 r3)
Title
The AirWatch MDM Server must back up audit records on an organization-defined frequency onto a different system or media than the system being audited. (Cat II impact)
Discussion
Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records on an organizationally-defined frequency to a different system, or onto media separate from the system being audited, helps assure that the audit records will be retained in the event of a catastrophic system failure.
Check Content
Review the AirWatch MDM Server configuration to ensure the AirWatch MDM Server backs up audit records on an organization-defined frequency onto a different system or media other than the system being audited. If the AirWatch MDM Server does not back up audit records on an organization-defined frequency onto a different system or media other than the system being audited, this is a finding.

To verify the exporting of specific information collected by the AirWatch application to an external auditing or reporting system:

(1) Click the "Menu" button from the top tool bar.
(2) Click on "System Configuration" under the "Configuration" heading.
(3) Click on "System" on the left-hand tool bar.
(4) Click on "Enterprise Integration".
(5) Click on "Syslog".
(6) Verify proper configuration information.
(7) Check report output on the external system to verify functionality.
Fix Text
Configure the AirWatch MDM Server to back up audit records on an organization-defined frequency onto a different system or media other than the system being audited.

To export auditing information to an external reporting system:

(1) Click the "Menu" button from the top tool bar.
(2) Click on "System Configuration" under the "Configuration" heading.
(3) Click on "System" on the left-hand tool bar.
(4) Click on "Enterprise Integration".
(5) Click on "Syslog".
(6) Enter the information for the applicable destination logging server in the box labeled "Message Content".
(7) Click "Save".
Additional Identifiers
Rule ID: SV-60231r1_rule
Vulnerability ID: V-47359
Group Title: SRG-APP-125-MDM-274-SRV
CCIs
Number | Definition |
---|---|
CCI-001348 | Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9(2) | Audit Backup On Separate Physical Systems / Components |