OTA Provisioning PIN reuse must not be allowed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-24999	WIR-GMMS-009	SV-30739r2_rule	ECWN-1	Low

Description
The reuse of the OTA PIN can allow a hacker to provision an unauthorized device on the system.

STIG	Date
Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG)	2013-05-08

Details

Check Text ( C-31149r5_chk )
This check is valid only with the Good Technology MDM server. It is Not Applicable (NA) for all other MDM servers. 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each policy set users are assigned to and, in turn, verify the required settings are in the policy set. -Note: If there is a finding, note the name of the policy set in the Findings Details section in VMS/Component Provided Tracking Database. -Verify “Allow OTA Provisioning PIN reuse” is unchecked. Mark as a finding if “Allow OTA Provisioning PIN reuse” is checked.

Check Text ( C-31149r5_chk )

This check is valid only with the Good Technology MDM server. It is Not Applicable (NA) for all other MDM servers.

1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.

2. Select each policy set users are assigned to and, in turn, verify the required settings are in the policy set.

-Note: If there is a finding, note the name of the policy set in the Findings Details section in VMS/Component Provided Tracking Database.

-Verify “Allow OTA Provisioning PIN reuse” is unchecked.

Mark as a finding if “Allow OTA Provisioning PIN reuse” is checked.

Fix Text (F-27642r2_fix)
Disable (uncheck) “Allow OTA Provisioning PIN reuse” in the iOS policy on the MDM server.