The MaaS360 server must be configured to enable all required audit events (if function is not automatically implemented during MDM/MAS server install): b. Failure to update an existing application on a managed mobile device.

An XCCDF Rule

Description

Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. SFR ID: FMT_SMF.1.1(3) c, FAU_GEN.1.1(2)

ID: SV-96895r1_rule
Version: M360-10-100300
Severity: Low
References: CCI-000129 CCI-000169 CCI-000366
Updated: 11 days ago

Remediation Templates

Configure the MaaS360 server to enable all required audit events: Failure to update an existing application on a managed mobile device.

On the MaaS360 Console, complete the following steps:
1. Navigate to Devices >> Groups.
2. Select "Add", "Device Groups", and create a new search with the conditions noted below.
3. Select "edit" for one of the identified groups and set the two conditions:- Condition 1: "Software Installed", "Application Name", "Contains", "<Name of Application>"
- Condition 2: "Software Installed", "Full Version", "Contains","<latest version of Application>"
4. Select "Search" and then create a new device group and provide an appropriate group name and description.
5. Navigate to Security >> Compliance Rules.
6. Select one or more Rule Set Names that alert for failure to update an existing application on a managed mobile device. 
7. Open “Rule Set Name” and select “Enforcement Rules”.
8. Set the “Application Compliance” to “enabled” and select "Alert" for “Enforcement Action”.
9. Go to Group Based Rules and assign the rule selected in Step 6 to the group identified in Step 4.

The MaaS360 server must be configured to enable all required audit events (if function is not automatically implemented during MDM/MAS server install): b. Failure to update an existing application on a managed mobile device.

Description

Remediation Templates

A Manual Procedure