The MDM server must provide automated support for account management functions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36006	SRG-APP-023-MDM-001-SRV	SV-47395r1_rule		High

Description
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. As accounts are created or terminated and privilege levels are updated, the MDM server implementation must be configured so it automatically recognizes and supports this activity and immediately enforces the current account policy.

Description

A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. As accounts are created or terminated and privilege levels are updated, the MDM server implementation must be configured so it automatically recognizes and supports this activity and immediately enforces the current account policy.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44245r1_chk )
Review the MDM server configuration to determine whether the MDM server is providing automated support for account management functions. If this function is not being performed, this is a finding.

Fix Text (F-40536r1_fix)
Configure the MDM server to provide automated support for account management functions.