The MDM server must automatically audit administrator account disabling actions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36070	SRG-APP-028-MDM-070-SRV	SV-47461r1_rule		Medium

Description
When accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying processes themselves. In order to detect and respond to events the MDM server must audit account disabling actions and, as required, notify the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes.

Description

When accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying processes themselves. In order to detect and respond to events the MDM server must audit account disabling actions and, as required, notify the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44309r1_chk )
Review the MDM server configuration to determine whether the system is configured to automatically audit administrator account disabling actions. If this is not configured, this is a finding.

Fix Text (F-40600r1_fix)
Configure the MDM server to automatically audit administrator account disabling actions.