The Samsung SDS EMM must be configured to communicate the following commands to the MDM Agent: read audit logs kept by the MD.
An XCCDF Rule
Description
<VulnDiscussion>Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. For audit logs to be useful, administrators must have the ability to view them. SFR ID: FMT_SMF.1.1(1) #19</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-225641r588007_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Use the following instructions to verify the command has been configured to read audits to the MDM Agent on the SDS EMM server:
On the MDM console, do the following:
1. Log in to the Admin Console using a web browser.
2. Go to Service Overview >> Log and Event >> Audit Event.
3. Select all audit events with audit type of "Device" and click the "Save" button.