V-80971 | High | Only authorized versions of the IBM MaaS360 server must be used. | The IBM MaaS360 V2 server is no longer supported by IBM and therefore, may contain security vulnerabilities. The IBM MaaS360 V2 server is not authorized within the DoD. |
V-65633 | Medium | The MaaS360 Server must be configured with the Administrator roles:
a. MD user;
b. Server primary administrator;
c. Security configuration administrator;
d. Device user group administrator;
e. Auditor. | Having several roles for the MaaS360 Server supports separation of duties. This allows administrator-level privileges to be granted granularly, such as giving application management privileges to... |
V-65635 | Medium | The MaaS360 Server must be configured to enable all required audit events: Failure to push a new application on a managed mobile device. | Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary.
SFR... |
V-65637 | Medium | The MaaS360 Server must be configured to enable all required audit events: Failure to update an existing application on a managed mobile device. | Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary.
SFR... |
V-65639 | Medium | The MaaS360 Server must leverage the MDM Platform user accounts and groups for MaaS360 Server user identification and authentication. | A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker... |
V-65641 | Medium | The MaaS360 server platform must be protected by a DoD-approved firewall. | Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential... |
V-65643 | Medium | The firewall protecting the MaaS360 server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support MDM server and platform functions. | Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-65645 | Medium | The MaaS360 Agent must be configured to alert via the trusted channel to the MaaS360 Server for the following event: change in enrollment status. | Alerts providing notification of a change in enrollment state facilitate verification of the correct operation of security functions. When a MaaS360 Server receives such an alert from a MaaS360... |
V-65631 | Low | Before establishing a user session, the MaaS360 Server must display an administrator-specified advisory notice and consent warning message regarding use of the MaaS360 Server. | Note: The advisory notice and consent warning message is not required if the General Purpose OS or Network Device displays an advisory notice and consent warning message when the administrator... |