STIGQter: STIG Summary: Unified Endpoint Management Agent Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The UEM Agent must generate a UEM Agent audit record of the following auditable events:-startup and shutdown of the UEM Agent-UEM policy updated-any modification commanded by the UEM Server.

DISA Rule

SV-234236r617390_rule

Vulnerability Number

V-234236

Group Title

SRG-APP-000089

Rule Version

SRG-APP-000089-UEM-100004

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the UEM Agent to generate an UEM Agent audit record of the following auditable events:
-Startup and shutdown of the UEM Agent
-UEM policy updated
-any modification commanded by the UEM Server.

Check Contents

Verify the UEM Agent generates an UEM Agent audit record of the following auditable events:
-Startup and shutdown of the UEM Agent
-UEM policy updated
-any modification commanded by the UEM Server.

If the UEM Agent does not generate an UEM Agent audit record of the following auditable events:
-Startup and shutdown of the UEM Agent
-UEM policy updated
-any modification commanded by the UEM Server
this is a finding.

Vulnerability Number

V-234236

Documentable

False

Rule Version

SRG-APP-000089-UEM-100004

Severity Override Guidance

Verify the UEM Agent generates an UEM Agent audit record of the following auditable events:
-Startup and shutdown of the UEM Agent
-UEM policy updated
-any modification commanded by the UEM Server.

If the UEM Agent does not generate an UEM Agent audit record of the following auditable events:
-Startup and shutdown of the UEM Agent
-UEM policy updated
-any modification commanded by the UEM Server
this is a finding.

Check Content Reference

M

Target Key

5262

Comments