UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The AirWatch MDM Server must ensure authentication of both mobile device AirWatch MDM Server agent and server during the entire session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-47345 ARWA-02-000226 SV-60217r1_rule Medium
Description
AirWatch MDM Server can be prone to man-in-the middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of SSL Mutual Authentication authenticity of the data cannot be guaranteed.
STIG Date
AirWatch MDM STIG 2014-04-09

Details

Check Text ( C-50111r2_chk )
Review the AirWatch MDM Server configuration to ensure the AirWatch MDM Server ensures authentication of both mobile device AirWatch MDM Server agent and server during the entire session. If it does not, this is a finding.

AirWatch, upon native installation, activates a "Secure Channel" and generates root X.509 certificate to identify itself to devices and issue public keys to those devices for authentication. To verify Secure Channel is active: (1) click "Menu" from top tool bar, (2) click "System Configuration" under "Configuration" heading, (3) click "System" on left-hand tool bar, (4) click "Advanced", and (5) click "Secure Channel Certificate". (6) Ensure Secure Channel is enabled for applicable platforms and certificate is uploaded.
Fix Text (F-51051r2_fix)
Configure the AirWatch MDM Server to authenticate both the mobile device AirWatch MDM Server agent and server during the entire session.

To install AirWatch Secure Channel, please see "On-Premise Architecture Guide", page 26, "Appendix B - SSL Certificate Setup" for information on applying procured SSL certificates to the AirWatch MDM Server.

To enable SSL encryption: follow the applicable STIG detailing Microsoft server procedures for procuring and binding SSL Certificates.