
Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide


Overview

Date: 2024-05-31
Finding Count (26): CAT I (High): 7, CAT II (Med): 13, CAT III (Low): 6

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-251001 High MobileIron Sentry must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.
V-251007 High MobileIron Sentry must be running an operating system release that is currently supported by MobileIron.
V-251006 High MobileIron Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
V-250996 High MobileIron Sentry must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-250994 High MobileIron Sentry, for PKI-based authentication, must be configured to map validated certificates to unique user accounts.
V-250995 High MobileIron Sentry must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.
V-250988 High MobileIron Sentry must be configured to use DoD PKI as multi-factor authentication (MFA) for interactive logins.
V-251000 Medium The MobileIron Sentry must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).
V-251005 Medium MobileIron Sentry must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
V-250997 Medium MobileIron Sentry must generate unique session identifiers using a FIPS 140-2 approved random number generator.
V-250992 Medium MobileIron Sentry must enforce password complexity by requiring that at least one numeric character be used.
V-250993 Medium MobileIron Sentry must enforce password complexity by requiring that at least one special character be used.
V-250990 Medium MobileIron Sentry must enforce password complexity by requiring that at least one uppercase character be used.
V-250991 Medium MobileIron Sentry must enforce password complexity by requiring that at least one lowercase character be used.
V-250999 Medium MobileIron Sentry must be configured to synchronize internal information system clocks using redundant authoritative time sources.
V-250989 Medium MobileIron Sentry device must enforce a minimum 15-character password length.
V-250983 Medium MobileIron Sentry must be configured to limit the network access of the Sentry System Manager Portal behind the corporate firewall and whitelist source IP range.
V-250982 Medium MobileIron Sentry must limit the number of concurrent sessions for the CLISH interface to an organization-defined number for each administrator account and/or administrator account type.
V-250984 Medium MobileIron Sentry must initiate a session lock after a 15-minute period of inactivity.
V-250987 Medium MobileIron Sentry must display the Standard Mandatory DoD Notice and Consent Banner in the Sentry web interface before granting access to the device.
V-251003 Low MobileIron Sentry must enforce access restrictions associated with changes to the system components.
V-251002 Low MobileIron Sentry must off-load audit records onto a different system or media than the system being audited.
V-251004 Low MobileIron Sentry must be configured to conduct backups of system level information contained in the information system when changes occur.
V-250998 Low MobileIron Sentry must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
V-250985 Low MobileIron Sentry must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.
V-250986 Low MobileIron Sentry must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.