Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-26728 | WIR-GMMS-010-04 | SV-33971r2_rule | ECWN-1 | Low |
Description |
---|
Older software versions do not support required security features. |
STIG | Date |
---|---|
Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Check Text ( C-34841r14_chk ) |
---|
If the MDM client provides the mobile device security container, use the following procedure for verifying requirement is met: 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy using the following procedure: -Have the SA identify STIG compliant and non compliant policies on the server. --Log into the MDM server console. --Click on the Policies tab. --View all iOS security policies on the server. -Note: STIG-compliant policies should be identified as such in the policy title. An example is STIG_iOS_Policy. It is recommended that all non-STIG policies be deleted. 2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. -Note: If there is a finding, note the name of the non STIG-compliant policy in the Findings Details section in VMS/Component Provided Tracking Database. -Launch the MDM console and click on the Policies tab. -Select an iOS security policy to review. -The exact procedure used to verify the required setting will vary by MDM product. For the Good Technology MDM server: -On the left tab, select Compliance Manager. -Verify the “Good Client Version Verification” rule is listed. (Note that the rule title does not have to be exact.) -Open the rule by checking the box next to the rule, then click on Edit. -Verify the following are set: Platform: iPhone Check to Run: Good Version Verification -Verify the client version checked is at least 1.9.8. -Verify "Failure Action" is set to "Quit Good for Enterprise". -Verify "Check Every" is set to "1 hour". Mark as a finding if the iOS security policy is not set up to enforce the required version of the MDM agent. |
Fix Text (F-30027r2_fix) |
---|
Set up a compliance rule on the MDM server to check the version of the MDM agent on the mobile device. |