Check: GOOG-10-005505
Google Android 10.x STIG:
GOOG-10-005505
(in versions v2 r1 through v1 r1)
Title
Google Android 10 must be configured to enable audit logging. (Cat II impact)
Discussion
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. To be useful, Administrators must have the ability to view the audit logs. SFR ID: FMT_SMF_EXT.1.1 #32
Check Content
Review documentation on the Google Android device and inspect the configuration on the Google Android device to enable audit logging. This validation procedure is performed on only on the MDM Administration Console. On the MDM console, do the following: 1. Open the User restrictions. 2. Open user settings. 3. Select "Enable security logging". 4. Select "Enable network logging". If the MDM console device policy is not set to enable audit logging, this is a finding.
Fix Text
Configure the Google Android 10 to enable audit logging. On the MDM console: 1. Open the User restrictions. 2. Open user settings. 3. Select "Enable security logging". 4. Select "Enable network logging".
Additional Identifiers
Rule ID: SV-237018r852652_rule
Vulnerability ID: V-237018
Group Title: PP-MDF-302370
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
| CCI-000370 |
Manage configuration settings for organization-defined system components using organization-defined automated mechanisms. |
| CCI-001851 |
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |