The password age of the MDM server security container on the mobile device must be set to 120 days or less.


Overview

Finding ID: V-24988
Version: WIR-WMS-GD-009-01
Rule ID: SV-39982r2_rule
IA Controls: ECWN-1, IAIA-1
Severity: Low

Description
In environments in which an adversary can learn the device or container password and have repeated access to the device without the user’s knowledge, expiring the password can prevent such repeated use over an extended period of time (120 days or more). In environments in which the user has control of the device at most times and would detect its absence, this control is not as valuable.
STIG Date
Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) 2013-01-17

Details

Check Text (C-39021r8_chk)
This check is Not Applicable if CAC authentication is used for the security container. Password expiration is only required if the DAA deems it necessary due to the operational risk and mission need. If password expiration is used, the recommended value is 120 days or less.

1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to and, in turn, verify the required settings are in the policy. Verify the security container password expiration is set to 120 days or less.

If the DAA has determined that this setting is required, mark as a finding if the password expiration is not set as required.

Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.
Fix Text (F-27629r4_fix)
Set the MDM server security container password to expire in 120 days or less, if the DAA determines the setting is required.