Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24973 | WIR-WMS-GD-002 | SV-30810r2_rule | ECSC-1 | Medium |
Description |
---|
The host server where the mobile management server is installed must be compliant with the Windows STIG and applicable application STIGs to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the management server. |
STIG | Date |
---|---|
Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Check Text ( C-31226r5_chk ) |
---|
Work with the OS Reviewer or check VMS for last review of each host server where a mobile management server is installed. This includes the host server for the MDM, MAM, MDIS, and MEM servers. The review should include the SQL server, Apache Tomcat, and IIS, if installed. Mark as a finding if the previous or current OS review of the Windows server did not include the SQL or other applications included with the management server. |
Fix Text (F-27613r2_fix) |
---|
Conduct required STIG reviews of the OS and all installed applications on the host server. |