Check: BUEM-00-000010
BlackBerry UEM STIG: BUEM-00-000010 (in version v1 r1)
Title
The BlackBerry UEM server must [selection: invoke platform-provided functionality, implement functionality] to generate an audit record of the following auditable events: c. [selection: Commands issued to the MDM Agent]. (Cat III impact)
Discussion
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. For audit logs to be useful, administrators must have the ability to view them. SFR ID: FAU_GEN.1.1(1)
Check Content
Review the audit record, which can be found in the UEM console in Settings >> Infrastructure >> Audit settings >> Security event audit settings section. Verify both "Command" events are listed and "setting" is set to "All" for both events. If both "Command" events are not listed and "setting" is not set to "All" for both events, this is a finding.
Fix Text
On the BlackBerry UEM, do the following:
1. On the menu bar, click Settings >> Infrastructure >> Audit settings.
2. In the right pane, click the edit icon.
3. To add security events to audit, click + . Select the events and click Add.
4. Select each "Command" event.
5. In the Setting column, ensure "all" has been selected for each "Command" event selected.
6. Click "Save".

Note: Audit record fields for server audits include: Commands sent to the device.
Additional Identifiers
Rule ID: SV-111859r1_rule
Vulnerability ID: V-102897
Group Title: PP-MDM-412000
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |