Check: VMW1-00-400040
VMware Workspace ONE UEM STIG: VMW1-00-400040 (in versions v2 r1 through v1 r1)
Title
The MDM Agent must be configured to enable the following function: [selection: read audit logs of the MD]. This requirement is inherently met if the function is automatically implemented during MDM Agent install/device enrollment. (Cat II impact)
Discussion
Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected. This enables the MDM administrator to take an appropriate remedial action.

SFR ID: FMT_SMF_EXT.4.1
Check Content
Review the MDM Agent documentation and configuration settings to determine if the following function is enabled: read audit logs of the MD.

This validation procedure is performed on the MDM Administration Console.

On the MDM console, do the following:
1. Authenticate to the Workspace ONE UEM console as the administrator.
2. Navigate to Groups & Settings >> All Settings >> Devices & Users >> General >> Privacy and enable Request Device Log in the privacy settings.

If "Request Device Log" is present, then no device log is being requested from the MD and this is a finding.
Fix Text
Configure the MDM Agent to enable the following function: read audit logs of the MD.

On the MDM console, do the following:
1. Authenticate to the Workspace ONE UEM console as the administrator.
2. Navigate to Groups & Settings >> All Settings >> Devices & Users >> General >> Privacy and enable Request Device Log in the privacy settings.
3. Select "SAVE".
Additional Identifiers
Rule ID: SV-221651r588007_rule
Vulnerability ID: V-221651
Group Title: PP-MDM-401005
CCIs
Number | Definition |
---|---|
CCI-000154 | The information system provides the capability to centrally review and analyze audit records from multiple components within the system. |
Controls
Number | Title |
---|---|
AU-6 (4) | Central Review And Analysis |