An error occurred:

Check: SRG-APP-000089-UEM-100002

Unified Endpoint Management Agent SRG: SRG-APP-000089-UEM-100002 (in version v1 r1)

Title

The UEM Agent must provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events: -successful application of policies to a mobile device -receiving or generating periodic reachability events -change in enrollment state -failure to install an application from the UEM Server -failure to update an application from the UEM Server. (Cat II impact)

Discussion

Alerts providing notification of a change in enrollment state facilitate verification of the correct operation of security functions. When an UEM server receives such an alert from an UEM Agent, it indicates the security policy may no longer be enforced on the mobile device. This enables the UEM administrator to take an appropriate remedial action. Satisfies: FAU_ALT_EXT.2.1 Reference: PP-UEM-402001, PP-UEM-402002, PP-MDM-402003

Check Content

Verify the UEM Agent provides an alert via the trusted channel to the UEM Server in the event of any of the following audit events: -successful application of policies to a mobile device -receiving or generating periodic reachability events -change in enrollment state -failure to install an application from the UEM Server -failure to update an application from the UEM Server. If the UEM Agent does not provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events: -successful application of policies to a mobile device -receiving or generating periodic reachability events -change in enrollment state -failure to install an application from the UEM Server -failure to update an application from the UEM Server this is a finding.

Fix Text

Configure the UEM Agent to provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events: -successful application of policies to a mobile device -receiving or generating periodic reachability events -change in enrollment state -failure to install an application from the UEM Server -failure to update an application from the UEM Server.

Additional Identifiers

Rule ID: SV-234235r617416_rule

Vulnerability ID: V-234235

Group Title: SRG-APP-000089

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000169

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-12

Audit Generation