UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

IBM MaaS360 v2.3.x MDM Security Technical Implementation Guide


Overview

Date Finding Count (9)
2018-09-13 CAT I (High): 1 CAT II (Med): 7 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Public)

Finding ID Severity Title
V-80971 High Only authorized versions of the IBM MaaS360 server must be used.
V-65633 Medium The MaaS360 Server must be configured with the Administrator roles: a. MD user; b. Server primary administrator; c. Security configuration administrator; d. Device user group administrator; e. Auditor.
V-65635 Medium The MaaS360 Server must be configured to enable all required audit events: Failure to push a new application on a managed mobile device.
V-65637 Medium The MaaS360 Server must be configured to enable all required audit events: Failure to update an existing application on a managed mobile device.
V-65639 Medium The MaaS360 Server must leverage the MDM Platform user accounts and groups for MaaS360 Server user identification and authentication.
V-65641 Medium The MaaS360 server platform must be protected by a DoD-approved firewall.
V-65643 Medium The firewall protecting the MaaS360 server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support MDM server and platform functions.
V-65645 Medium The MaaS360 Agent must be configured to alert via the trusted channel to the MaaS360 Server for the following event: change in enrollment status.
V-65631 Low Before establishing a user session, the MaaS360 Server must display an administrator-specified advisory notice and consent warning message regarding use of the MaaS360 Server.