Windows 10 Mobile must generate audit records.

From Microsoft Windows 10 Mobile Security Technical Implementation Guide

Part of PP-MDF-203001

Associated with: CCI-000169

SV-84737r1_rule Windows 10 Mobile must generate audit records.

Vulnerability discussion

Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks, so that breaches can either be prevented or limited in their scope. They facilitate analysis to improve performance and security. Auditable events include:1. Start-up and shutdown of the audit functions;2. All administrative actions;3. Start-up and shutdown of the OS and kernel;4. Insertion or removal of removable media;5. Establishment of a synchronizing connection;6. Specifically defined auditable events in Table 10 of MDF PP v.2.0.SFR ID: FAU_GEN.1.1

Check content

Review Windows 10 Mobile configuration settings to determine if auditing is configured to generate audit records. This validation procedure is performed only on the MDM administration console. On the MDM administration console: 1. Ask the MDM administrator to verify the Security Auditing policy. 2. Find the setting for enabling auditing using the "Security Auditing". 3. Verify that setting configuration is turned on. If the MDM does not have a compliance policy that enables "Security Auditing", this is a finding.

Fix text

Configure the MDM system to require the "Security Auditing" policy to be enabled for Windows 10 Mobile devices. Deploy the MDM policy on managed devices.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.