Check: SRG-APP-000125-UEM-000074
Unified Endpoint Management Agent SRG:
SRG-APP-000125-UEM-000074
(in version v1 r0.1)
Title
The UEM server must back up audit records at least every seven days onto a log management server. (Cat II impact)
Discussion
Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps ensure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions.
Check Content
Verify the UEM server backs up audit records at least every seven days onto a log management server. If the UEM server does not back up audit records at least every seven days onto a log management server, this is a finding.
Fix Text
Configure the UEM server to back up audit records at least every seven days onto a log management server.
Additional Identifiers
Rule ID: SRG-APP-000125-UEM-000074_rule
Vulnerability ID: SRG-APP-000125-UEM-000074
Group Title: SRG-APP-000125-UEM-000074
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001348 |
Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited. |
Controls
| Number | Title |
|---|---|
| AU-9(2) |
Audit Backup On Separate Physical Systems / Components |