Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must lock the application after an organization defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36017 | SRG-APP-003-MDM-012-SRV | SV-47406r1_rule | High |
| Description |
|---|
| If the MDM server does not support a lock feature, then anyone who gains access to the application may be able to access sensitive DoD information or perform other authorized functions. The lock feature mitigates the risk of unauthorized access. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44256r1_chk ) |
|---|
| Review the MDM server configuration to determine whether the system is locked after a period of inactivity. Clock the time on a different device to validate the application is correctly enforcing the time period. If the session lock does not occur, this is a finding. |
| Fix Text (F-40547r1_fix) |
|---|
| Configure the MDM server to lock the server after an organization defined time period. |