The MDM server must be configured to not autocomplete the entry of passwords to the security container.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33994 | WIR-GMMS-30 | SV-44447r1_rule | ECWN-1 IAIA-1 | High |
| Description |
|---|
| If the autocomplete feature is enabled, a hacker could gain access to the Good security container by knowing only a few characters of the container password and then access sensitive data in the container. |
| STIG | Date |
|---|---|
| Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Details
| Check Text ( C-41996r3_chk ) |
|---|
| This check is valid only with Good technology MDM server. It is Not Applicable (NA) for all other MDM servers. 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each policy set users are assigned to and, in turn, verify the required settings are in the policy set. Verify “Disable remembering login credentials” is checked (Settings Tab, Good Mobile Control – User Settings). Mark as a finding if “Disable remembering login credentials” is not checked. -Note: If there is a finding, note the name of the policy set in the Findings Details section in VMS/Component Provided Tracking Database. |
| Fix Text (F-37910r1_fix) |
|---|
| Check “Disable remembering login credentials” in the security policy on the Good server. |