Check: SRG-APP-000097-UEM-000057
Unified Endpoint Management Server SRG:
SRG-APP-000097-UEM-000057
(in versions v2 r3 through v1 r1)
Title
The UEM server must be configured to produce audit records containing information to establish where the events occurred. (Cat II impact)
Discussion
Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. Satisfies:FAU_GEN.1.2(1) Reference:PP-MDM-412060
Check Content
Verify the UEM server produces audit records containing information to establish where the events occurred. If the UEM server does not produce audit records containing information to establish where the events occurred, this is a finding.
Fix Text
Configure the UEM server to be configured to produce audit records containing information to establish where the events occurred.
Additional Identifiers
Rule ID: SV-234330r960897_rule
Vulnerability ID: V-234330
Group Title: SRG-APP-000097
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000132 |
Ensure that audit records containing information that establishes where the event occurred. |
Controls
| Number | Title |
|---|---|
| AU-3 |
Content of Audit Records |