Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
A unique database name and a unique MySQL user with a secure password must be created for use in Jamf Pro EMM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-99601 | JAMF-10-100080 | SV-108705r1_rule | Medium |
| Description |
|---|
| If the default MySQL database name and password are not changed an adversary could gain unauthorized access to the application which could lead to the compromise of sensitive DoD data. SFR ID: FMT_SMF.1(2)b. / IA-5(1)(c) Satisfies: SRG-APP-000171 |
| STIG | Date |
|---|---|
| Jamf Pro v10.x EMM Security Technical Implementation Guide | 2020-02-04 |
Details
| Check Text ( C-98451r1_chk ) |
|---|
| Verify a unique database name and a unique MySQL user with a secure password have been created for use in Jamf Pro EMM. 1. Execute the show databases command. - Ensure at least one database name other than the default databases exits. The default databases are: infomation_schema mysql performance_schema sys 2. Verify there is a unique MySQL user. - In MySQL, run select * mysql.user; - Look for a user that is not Root or one of the other MySQL service accounts. Both of these steps must be correct. If a unique database name and a unique MySQL user with a secure password have not been created, this is a finding. |
| Fix Text (F-105285r1_fix) |
|---|
| Create a unique database name and a unique MySQL user with a secure password. The procedure is found in the following Jamf Knowledge Base article: https://www.jamf.com/jamf-nation/articles/542/title |