The MDM server must be configured to display an alert to the administrator when handhelds have been inactive after a defined period of time.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33996 | WIR-GMMS-31 | SV-44449r1_rule | IAAC-1 | Low |
| Description |
|---|
| An inactive mobile device is an indication that the device may have been lost or stolen. In addition, provisioned devices have monthly fees associated with them and management should consider reallocating inactive devices. |
| STIG | Date |
|---|---|
| Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41997r2_chk ) |
|---|
| 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each policy set users are assigned to and, in turn, verify the required settings are in the policy set. Verify the policy is configured to report to the system administrator if the device has not contacted the MDM server in 3 weeks or less. -Note: If there is a finding, note the name of the policy set in the Findings Details section in VMS/Component Provided Tracking Database. Mark as a finding if the required setting is not set on the MDM server. If the Good Technology MDM server is used: Verify “Display handhelds as inactive after” is checked and select any value of 3 weeks or less (Settings Tab, Good Mobile Control – User Settings/Policy Settings). |
| Fix Text (F-37913r2_fix) |
|---|
| Configure the MDM server to display an alert to the administrator when handhelds have been inactive after a defined period of time (3 weeks or less). |