UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MDM server must automatically disable inactive administrator accounts after an organization defined time period.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36007 SRG-APP-025-MDM-002-SRV SV-47396r1_rule High
Description
Users are often the first line of defense within an application. Account management and distribution is vital to the security of the application. If an attacker compromises an account, the entire MDM server infrastructure, including the mobile devices on the network, are at risk. Authentication for user or administrative access to the system is required at all times. Inactive accounts could be reactivated or compromised by unauthorized users allowing them to exploit vulnerabilities and maintain undetected access to the system. There is always a risk for inactive accounts to be reactivated or compromised by unauthorized users who could then gain full control of the device; thereby enabling them to trigger a Denial of Service, intercept sensitive information, or disrupt the MDM server.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44246r1_chk )
Review the MDM server configuration to determine whether an inactive administrator account can automatically be disabled after a set period of time. If the duration is not set in accordance to the organization's policy, this is a finding.
Fix Text (F-40537r1_fix)
Configure the MDM server to automatically disable an inactive administrator account after a set period of time.