The UEM Agent must be configured to enable the following function: read audit logs of the managed endpoint device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-234237 | SRG-APP-000089-UEM-100012 | SV-234237r617354_rule | CCI-000169 | medium |
| Description | ||||
| Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected. This enables the UEM administrator to take an appropriate remedial action. Satisfies: FMT_SMF_EXT.4.1 Reference: PP-UEM-401005 | ||||
| STIG | Date | |||
| Unified Endpoint Management Agent Security Requirements Guide | 2020-12-14 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-12
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000169
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-234237r617354_chk)
Verify the UEM Agent has enabled the following function: read audit logs of the managed endpoint device.
If the UEM Agent has not enabled the following function: read audit logs of the managed endpoint device, this is a finding.
Fix Text (F-37387r612018_fix)
Configure the UEM Agent to enable the following function: read audit logs of the managed endpoint device.