Rule ID
SV-284810r1240404_rule
Version
V1R1
CCIs
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. For the audit logs to be useful, administrators must have the ability to view them. SFR ID: FMT_SMF.1.1_EXT1.1 #32
Inspect the configuration on the managed Google Android 17 device to enable audit logging. This validation procedure is performed only on the EMM administration console. On the EMM console: COBO and COPE: 1. Open the "Device owner management" section. 2. Verify that "Enable security logging" is toggled to "ON". If the EMM console device policy is not set to enable audit logging, this is a finding.
Configure the Google Android 17 device to enable audit logging. On the EMM console: COBO and COPE: 1. Open the "Device owner management" section. 2. Toggle "Enable security logging" to "ON". Configuration API: setSecurityLoggingEnabled