The MDM server must require administrators to be authenticated with an individual authenticator prior to using a group authenticator.


Overview

Finding ID: V-36039
Version: SRG-APP-153-MDM-035-SRV
Rule ID: SV-47428r1_rule
IA Controls:
Severity: High
Description
To assure individual accountability and prevent unauthorized access, MDM server administrators and users (and any processes acting on behalf of users) must be individually identified and authenticated. Without individual accountability, there can be no traceability back to an individual if there were a security incident on the system. In addition, group accounts can be shared with individuals who do not have authorized access.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text (C-44278r1_chk)
Review the MDM server configuration to ensure the system is authenticating through the Enterprise Authentication Mechanism that performs individual authentication prior to performing group authentication. If the MDM server is not authenticating through the Enterprise Authentication Mechanism, this is a finding.
Fix Text (F-40569r1_fix)
Configure the MDM server to authenticate through the Enterprise Authentication Mechanism.