The UEM server must be configured to produce audit records containing information to establish where the events occurred.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-234330 | SRG-APP-000097 | SRG-APP-000097-UEM-000057 | SV-234330r960897_rule | 2024-12-09 | 2 |
| Description |
|---|
| Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. Satisfies:FAU_GEN.1.2(1) Reference:PP-MDM-412060 |
| ℹ️ Check |
|---|
| Verify the UEM server produces audit records containing information to establish where the events occurred. If the UEM server does not produce audit records containing information to establish where the events occurred, this is a finding. |
| ✔️ Fix |
|---|
| Configure the UEM server to be configured to produce audit records containing information to establish where the events occurred. |