An error occurred:

Check: SRG-APP-000089-UEM-100012

Unified Endpoint Management Agent SRG: SRG-APP-000089-UEM-100012 (in version v1 r0.1)

Title

The UEM Agent must be configured to enable the following function: read audit logs of the managed endpoint device. (Cat II impact)

Discussion

Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected. This enables the UEM administrator to take an appropriate remedial action.

Check Content

Verify the UEM Agent has enabled the following function: read audit logs of the managed endpoint device. If the UEM Agent has not enabled the following function: read audit logs of the managed endpoint device, this is a finding.

Fix Text

Configure the UEM Agent to enable the following function: read audit logs of the managed endpoint device.

Additional Identifiers

Rule ID: SRG-APP-000089-UEM-100012_rule

Vulnerability ID: SRG-APP-000089-UEM-100012

Group Title: SRG-APP-000089-UEM-100012

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000169

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-12

Audit Generation