The UEM server must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-234327 | SRG-APP-000092-UEM-000053 | SV-234327r960888_rule | CCI-001464 | medium |
| Description | ||||
| If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. Satisfies:FAU_GEN.1.1(1) | ||||
| STIG | Date | |||
| Unified Endpoint Management Server Security Requirements Guide | 2024-12-09 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-14(1)
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001464
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-234327r960888_chk)
Verify the UEM server initiate session auditing upon startup.
If the UEM server does not initiate session auditing upon startup, this is a finding.
Fix Text (F-37477r613992_fix)
Configure the UEM server to initiate session auditing upon startup.