Title

The UEM server must employ an audited override of automated access control mechanisms under organization-defined conditions. (Cat II impact)

Discussion

Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a proficient manner. Actions that could adversely impact the system must be audited for forensic analysis.

Check Content

Verify the UEM server employs an audited override of automated access control mechanisms under organization-defined conditions. If the UEM server does not employ an audited override of automated access control mechanisms under organization-defined conditions, this is a finding.

Fix Text

Configure the UEM server to employ an audited override of automated access control mechanisms under organization-defined conditions.

Additional Identifiers

Rule ID: SRG-APP-000327-UEM-000200_rule

Vulnerability ID: SRG-APP-000327-UEM-000200

Group Title: SRG-APP-000327-UEM-000200

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.