UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mobile device accounts must not be assigned default and non-STIG compliant security/IT policies.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24978 WIR-WMS-GD-007 SV-30819r2_rule ECSC-1 High
Description
The mobile device default security/IT policy on the MDM does not include most DoD-required security policies for data encryption, authentication, and access control. Also, non-STIG compliant policy may not meet critical (CAT I and CAT II) security requirements. DoD enclaves are at risk of data exposure and hacker attack if devices are assigned default or other non-STIG compliant security/IT policies.
STIG Date
Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-31348r6_chk )
Mobile device accounts will only be assigned a STIG-compliant security/IT policy.

Determine which policy sets on the MDM server user accounts have been assigned to using the following procedures:

-Have the SA identify any non STIG-compliant policy sets and STIG-compliant policy sets on the server by using the following procedures:
--Log into the MDM console.

--View all iOS policies on the server.

-Note: STIG-compliant policies should be identified as such in the policy title. An example is STIG_iOS_Policy. It is recommended that all non-STIG policies be deleted.

Note: Other checks will be used to verify the policy sets identified as STIG-compliant are configured correctly.

Verify all devices are assigned to a STIG policy set. The exact procedure will depend on the MDM product being reviewed.

Mark as a finding if any mobile device account is assigned a policy set identified as not STIG-compliant.
Fix Text (F-27619r6_fix)
Only assign mobile device accounts a STIG-compliant security/IT policy.