The UEM server must be configured to produce audit records containing information to establish where the events occurred.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-234330 | SRG-APP-000097-UEM-000057 | SV-234330r960897_rule | CCI-000132 | medium |
| Description | ||||
| Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. Satisfies:FAU_GEN.1.2(1) Reference:PP-MDM-412060 | ||||
| STIG | Date | |||
| Unified Endpoint Management Server Security Requirements Guide | 2024-12-09 | |||
Details
Check Text (C-234330r960897_chk)
Verify the UEM server produces audit records containing information to establish where the events occurred.
If the UEM server does not produce audit records containing information to establish where the events occurred, this is a finding.
Fix Text (F-37480r614001_fix)
Configure the UEM server to be configured to produce audit records containing information to establish where the events occurred.