The MDM server must limit the number of concurrent sessions for each account to an organization defined number of sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36015 | SRG-APP-001-MDM-010-SRV | SV-47404r1_rule | Medium |
| Description |
|---|
| Limiting the number of concurrent sessions reduces the risk of Denial of Service (DoS) to the MDM server from overburdening the system from a potential attacker. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44254r1_chk ) |
|---|
| Review the MDM server configuration to determine whether the number of concurrent sessions for each account is limited to an organization defined number of sessions. If number of concurrent user sessions is not set to the organization defined value, this is a finding. |
| Fix Text (F-40545r1_fix) |
|---|
| Configure the MDM server to limit the number of concurrent sessions for each account to an organization defined number of sessions. |