Check: SRG-APP-000358-UEM-000228
Unified Endpoint Management Server SRG:
SRG-APP-000358-UEM-000228
(in versions v2 r3 through v1 r1)
Title
The UEM server must be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices. (Cat II impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices. Satisfies:FMT_SMF.1.1(2) c.8, FAU_STG_EXT.1.1(1) Reference:PP-MDM-411054
Check Content
Verify the UEM server transfers UEM server logs to another server for storage, analysis, and reporting. If the UEM server does not transfer UEM server logs to another server for storage, analysis, and reporting, this is a finding. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
Fix Text
Configure the UEM server to be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
Additional Identifiers
Rule ID: SV-234500r961395_rule
Vulnerability ID: V-234500
Group Title: SRG-APP-000358
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001851 |
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
| Number | Title |
|---|---|
| AU-4(1) |
Transfer to Alternate Storage |