Title

The Samsung SDS EMM must be configured to transfer Samsung SDS EMM logs to another server for storage, analysis, and reporting. Note: Samsung SDS EMM logs include logs of MDM events and logs transferred to the Samsung SDS EMM by MDM agents of managed devices. (Cat II impact)

Discussion

Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. Since the Samsung SDS EMM has limited capability to store mobile device log files and perform analysis and reporting of mobile device log files, the Samsung SDS EMM must have the capability to transfer log files to an audit log management server. SFR ID: FMT_SMF.1.1(2) c.8, FAU_STG_EXT.1.1(1)

Check Content

Review the Samsung SDS EMM configuration settings and verify the server is configured to transfer Samsung SDS EMM logs to another server for storage, analysis, and reporting. On the MDM console, do the following: 1. Go to Setting >> Server >> Configuration. 2. Click "Audit" at the top of the window and verify audit log server and other information is listed. If the MDM console is not configured to transfer audit logs to an audit log server, this is a finding. Note: Samsung SDS EMM logs include logs of MDM events and logs transferred to the Samsung SDS EMM by MDM agents of managed devices.

Fix Text

Configure the Samsung SDS EMM to transfer Samsung SDS EMM logs to another server for storage, analysis, and reporting. On the MDM console, do the following: 1. Go to Setting >> Server >> Configuration. 2. Click "Audit" at the top of the window and enter the audit log server and other information.

Additional Identifiers

Rule ID: SV-225643r588007_rule

Vulnerability ID: V-225643

Group Title: PP-MDM-411054

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.