V-47355 | High | The AirWatch MDM Server device integrity validation component must identify the affected mobile device, severity of the finding, and provide a recommended mitigation. | One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-47349 | High | The AirWatch MDM Server must perform required actions when a security related alert is received. | Incident response functions are intended to monitor, detect, and alarm on defined events occurring on the system or on the network. A large part of their functionality is accurate and timely... |
V-47299 | High | The AirWatch MDM Server must implement separation of administrator duties by requiring a specific role be assigned to each administrator account. | Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. Employing a separation of duties model reduces the... |
V-47335 | High | The AirWatch MDM Server must be able to detect if the security policy has been modified, disabled, or bypassed on managed mobile devices. | If the security policy has been modified in an unauthorized manner, IA is severely degraded and a variety of further attacks are possible. Detecting whether the security policy has been modified... |
V-47353 | High | The AirWatch MDM Server device integrity validation component must use automated mechanisms to alert security personnel when the device has been jailbroken or rooted. | Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a... |
V-63317 | High | AirWatch MDM server versions that are no longer supported by the vendor for security updates must not be installed on a system. | AirWatch MDM server versions (6.5 and earlier versions) that are no longer supported by AirWatch by VMware for security updates are not evaluated or updated for vulnerabilities, leaving them open... |
V-47321 | Medium | The AirWatch MDM Server must configure the mobile device to prohibit the mobile device user from installing unapproved applications. | The operating system must enforce software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what... |
V-47327 | Medium | The AirWatch MDM Server must configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or AirWatch MDM Server). | DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source,... |
V-47325 | Medium | The AirWatch MDM Server must configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or AirWatch MDM Server). | DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source,... |
V-47329 | Medium | The AirWatch MDM Server must configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or AirWatch MDM Server). | DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source,... |
V-47309 | Medium | The AirWatch MDM Server must centralize the review and analysis of audit records from multiple components within the server. | Due to the numerous functions an AirWatch MDM Server implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, more log... |
V-47347 | Medium | The AirWatch MDM Server must notify when it detects unauthorized changes to security configuration of managed mobile devices. | Incident response functions are intended to monitor, detect, and alarm on defined events occurring on the system or on the network. A large part of their functionality is accurate and timely... |
V-47341 | Medium | The AirWatch MDM Server device integrity validation component must employ automated mechanisms to detect the presence of unauthorized software on managed mobile devices and notify designated organizational officials in accordance with the organization-defined frequency. | Unauthorized software poses a risk to the device because it could potentially perform malicious functions, including but not limited to gathering sensitive information, searching for other system... |
V-47343 | Medium | The AirWatch MDM Server must terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. | If communication sessions remain open for extended periods of time even when unused, there is the potential for an adversary to hijack the session and use it to gain access to the device or... |
V-47303 | Medium | The AirWatch MDM Server must support the transfer of audit logs to remote log or management servers. | AirWatch MDM Server auditing capability is critical for accurate forensic analysis. The ability to transfer audit logs often is necessary to quickly isolate them, protect their integrity, and... |
V-47337 | Medium | The AirWatch MDM Server must employ automated mechanisms to respond to unauthorized changes to the security policy or AirWatch MDM Server agent on managed mobile devices. | Uncoordinated or incorrect configuration changes to the AirWatch MDM Server managed components can potentially lead to compromises. Without automated mechanisms to respond to changes, changes can... |
V-47331 | Medium | The AirWatch MDM Server must provide the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user. | DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source,... |
V-47333 | Medium | The AirWatch MDM Server must provide the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user. | DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source,... |
V-47339 | Medium | The AirWatch MDM Server must uniquely identify mobile devices managed by the server prior to connecting to the device. | When managed mobile devices connect to the AirWatch MDM Server, the security policy and possible sensitive DoD data will be pushed to the device. In addition, the device may be provided access to... |
V-47357 | Medium | The AirWatch MDM Server device integrity validation component must base recommended mitigations for findings on the identified risk level of the finding. | One of the most significant indicators of an IA attack is modification of operating system files, device drivers, or security enforcement mechanisms. An integrity verification capability or tool... |
V-47319 | Medium | The AirWatch MDM Server must configure the mobile device to prohibit the mobile device user from installing unapproved applications. | The operating system must enforce software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what... |
V-47351 | Medium | The AirWatch MDM Server device integrity validation component must include the capability to notify an organization-defined list of response personnel who are identified by name and/or by role notifications of suspicious events. | Integrity checking applications are by their nature, designed to monitor and detect defined events occurring on the system. When the integrity checking mechanism finds an anomaly, it must notify... |
V-48041 | Medium | The AirWatch MDM Server must record an event in the audit log each time the server makes a security relevant configuration change on a managed mobile device. | Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system.... |
V-47317 | Medium | The AirWatch MDM Server must be capable of scanning the hardware version of managed mobile devices and alert if unsupported versions are found. | Approved versions of devices have gone through all required phases of testing, approval, etc., and are able to support required security features. Using non-approved versions of mobile device... |
V-47345 | Medium | The AirWatch MDM Server must ensure authentication of both mobile device AirWatch MDM Server agent and server during the entire session. | AirWatch MDM Server can be prone to man-in-the-middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of SSL Mutual Authentication... |
V-47359 | Medium | The AirWatch MDM Server must back up audit records on an organization-defined frequency onto a different system or media than the system being audited. | Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media other than the system being... |
V-47301 | Low | If the AirWatch MDM Server includes a mobile email management capability, the email client must either block or convert all active content in email (HTML, RTF, etc.) to text before the email is forwarded to the mobile device. | HTML embedded in an email has the potential to host malicious code that may allow an attacker access to the user's end device and possibly the network to which it is attached. Requiring that all... |
V-47307 | Low | The AirWatch MDM Server must utilize the integration of audit review, analysis, and reporting processes by an organization's central audit management system to support organizational processes for investigation and response to suspicious activities. | Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what was attempted to be done, where it was done, when it was... |
V-47313 | Low | The AirWatch MDM Server must automatically process audit records for events of interest based upon selectable, event criteria. | Due to the numerous functions an AirWatch MDM Server implementation processes, log files can become extremely large because of the volume of data. The more processes that are logged, the more log... |