Title

The UEM Agent must record within each UEM Agent audit record the following information: -date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event. (Cat II impact)

Discussion

Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. For audit logs to be useful, administrators must have the ability to view them. Satisfies: FAU_GEN.1.2(2) Refinement

Check Content

Verify the UEM Agent records within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event. If the UEM Agent does not record within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event this is a finding.

Fix Text

Configure the UEM Agent to record within each UEM Agent audit record the following information: -Date and time of the event -type of event -subject identity -(if relevant) the outcome (success or failure) of the event.

Additional Identifiers

Rule ID: SV-234238r617417_rule

Vulnerability ID: V-234238

Group Title: SRG-APP-000097

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.