The UEM server must be configured to produce audit records containing information to establish where the events occurred.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-234330 | SRG-APP-000097-UEM-000057 | SV-234330r960897_rule | CCI-000132 | medium |
| Description | ||||
| Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. Satisfies:FAU_GEN.1.2(1) Reference:PP-MDM-412060 | ||||
| STIG | Date | |||
| Unified Endpoint Management Server Security Requirements Guide | 2024-12-09 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-3
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000132
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-234330r960897_chk)
Verify the UEM server produces audit records containing information to establish where the events occurred.
If the UEM server does not produce audit records containing information to establish where the events occurred, this is a finding.
Fix Text (F-37480r614001_fix)
Configure the UEM server to be configured to produce audit records containing information to establish where the events occurred.