Check: GOOG-12-002800
Google Android 12 COPE STIG:
GOOG-12-002800
(in version v1 r1)
Title
Google Android 12 must be configured to enable audit logging. (Cat II impact)
Discussion
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. To be useful, Administrators must have the ability to view the audit logs. SFR ID: FMT_SMF_EXT.1.1 #32
Check Content
Inspect the configuration on the managed Google Android 12 device to enable audit logging. This validation procedure is performed only on the EMM Administration Console. On the EMM console: COBO and COPE: 1. Open "Device owner management" section. 2. Verify that "Enable security logging" is toggled to ON. If the EMM console device policy is not set to enable audit logging, this is a finding.
Fix Text
Configure the Google Android 12 device to enable audit logging. On the EMM console: COBO and COPE: 1. Open "Device owner management" section. 2. Toggle "Enable security logging" to ON.
Additional Identifiers
Rule ID: SV-250418r802621_rule
Vulnerability ID: V-250418
Group Title: PP-MDF-990000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000154 |
The information system provides the capability to centrally review and analyze audit records from multiple components within the system. |
Controls
Number | Title |
---|---|
AU-6 (4) |
Central Review And Analysis |