Title

The UEM Agent must record within each UEM Agent audit record the following information: -date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event. (Cat II impact)

Discussion

Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. For audit logs to be useful, administrators must have the ability to view them.

Check Content

Verify the UEM Agent records within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event If the UEM Agent does not record within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event this is a finding.

Fix Text

Configure the UEM Agent to record within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event.

Additional Identifiers

Rule ID: SRG-APP-000097-UEM-100005_rule

Vulnerability ID: SRG-APP-000097-UEM-100005

Group Title: SRG-APP-000097-UEM-100005

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.