The MDM server must support administrator authentication to the server via the Enterprise Authentication Mechanisms authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36024 | SRG-APP-166-MDM-021-SRV | SV-47413r1_rule | Medium |
| Description |
|---|
| In the DoD, Administrator credential requirements for authentication are defined by CTO 07-115 Rev 1, which is usually enforced by the Enterprise Authentication Mechanism. Non-complaint credential enforcement mechanisms make the DoD IS vulnerable to attack. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44263r1_chk ) |
|---|
| Review the MDM server configuration to determine whether authentication to the server is being performed by the Enterprise Authentication Mechanism. If access to the server is not being authenticated via this method, this is a finding. |
| Fix Text (F-40554r1_fix) |
|---|
| Configure the MDM server to support administrator authentication to the server via the Enterprise Authentication Mechanism's authentication. |