Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must automatically disable inactive administrator accounts after an organization defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36007 | SRG-APP-025-MDM-002-SRV | SV-47396r1_rule | High |
| Description |
|---|
| Users are often the first line of defense within an application. Account management and distribution is vital to the security of the application. If an attacker compromises an account, the entire MDM server infrastructure, including the mobile devices on the network, are at risk. Authentication for user or administrative access to the system is required at all times. Inactive accounts could be reactivated or compromised by unauthorized users allowing them to exploit vulnerabilities and maintain undetected access to the system. There is always a risk for inactive accounts to be reactivated or compromised by unauthorized users who could then gain full control of the device; thereby enabling them to trigger a Denial of Service, intercept sensitive information, or disrupt the MDM server. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44246r1_chk ) |
|---|
| Review the MDM server configuration to determine whether an inactive administrator account can automatically be disabled after a set period of time. If the duration is not set in accordance to the organization's policy, this is a finding. |
| Fix Text (F-40537r1_fix) |
|---|
| Configure the MDM server to automatically disable an inactive administrator account after a set period of time. |