STIGQter: STIG Summary: BlackBerry UEM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The BlackBerry UEM server must be configured to transfer BlackBerry UEM server logs to another server for storage, analysis, and reporting. Note: BlackBerry UEM server logs include logs of MDM events and logs transferred to the BlackBerry UEM server by MDM agents of managed devices.

DISA Rule

SV-224375r604136_rule

Vulnerability Number

V-224375

Group Title

PP-MDM-411054

Rule Version

BUEM-00-000500

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

The Admin must access the UEM server.
Configuring trust:
1. Get the CA that signs the Syslog server cert.
2. Upload the CA into the UEM server.
- From the CMD prompt on the UEM server follow the instructions found on page 70-71 of the Admin Guide, "Setup export of server audit records to a syslog server".
3. Configure UEM to send audit data to the Syslog server.
- Copy the script in Appendix A of the Admin Guide.
- In the script, change the hostname and port number to match your environment.
- Set the host name and port number, for example:
SET @v_hostname = 'localhost';
SET @v_port = '31000';
4. Execute the SQL script against the BlackBerry UEM database.
5. Restart the BlackBerry UEM Core service.

Check Contents

Review the Syslog audit records from the syslog audit management server and verify UEM logs are included.

If UEM logs are not found on the Syslog server, this is a finding.

Vulnerability Number

V-224375

Documentable

False

Rule Version

BUEM-00-000500

Severity Override Guidance

Review the Syslog audit records from the syslog audit management server and verify UEM logs are included.

If UEM logs are not found on the Syslog server, this is a finding.

Check Content Reference

M

Target Key

4134

Comments