The MDM server must disable the use of organization defined networking protocols within the operating system deemed to be non-secure except for explicitly identified components in support of specific operational requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36073	SRG-APP-020-MDM-073-SRV	SV-47464r1_rule		Medium

Description
Some networking protocols may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol or base the security decision on the assessment of other entities. Based on that assessment some may be deemed to be non-secure except for explicitly identified components in support of specific operational requirements. Networking protocols used may be complaint with the DoD The Category Assurance List (CAL).

Description

Some networking protocols may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol or base the security decision on the assessment of other entities. Based on that assessment some may be deemed to be non-secure except for explicitly identified components in support of specific operational requirements. Networking protocols used may be complaint with the DoD The Category Assurance List (CAL).

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44312r1_chk )
Review the MDM server configuration to ensure only organization defined network protocols are enabled. Explicitly identified components deemed necessary to support operation requirements are allowed. If non-organizational components are enabled, this is a finding.

Fix Text (F-40603r1_fix)
Configure the MDM server to disable the use of organization defined networking protocols within the operating system deemed to be non-secure except for explicitly identified components in support of specific operational requirements.