Check: SRG-APP-000092-UEM-000053
Unified Endpoint Management Server SRG:
SRG-APP-000092-UEM-000053
(in versions v2 r3 through v1 r1)
Title
The UEM server must initiate session auditing upon startup. (Cat II impact)
Discussion
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. Satisfies:FAU_GEN.1.1(1)
Check Content
Verify the UEM server initiate session auditing upon startup. If the UEM server does not initiate session auditing upon startup, this is a finding.
Fix Text
Configure the UEM server to initiate session auditing upon startup.
Additional Identifiers
Rule ID: SV-234327r960888_rule
Vulnerability ID: V-234327
Group Title: SRG-APP-000092
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001464 |
Initiates session audits automatically at system start-up. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AU-14(1) |
System Start-up |