The MDM server must limit privileges to change software resident within software libraries (including privileged programs).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36075	SRG-APP-133-MDM-075-SRV	SV-47466r1_rule		Low

Description
Any changes to the MDM server software can potentially have significant effects on the overall security and functionality of the system. Therefore, only qualified and authorized individuals should be allowed to obtain access to the MDM server software resident within the software libraries. If non-authorized users were to make changes to software libraries, those changes could be implemented without undergoing the appropriate testing, validation, and approval, as well as lead to system degradation and denial of service.

Description

Any changes to the MDM server software can potentially have significant effects on the overall security and functionality of the system. Therefore, only qualified and authorized individuals should be allowed to obtain access to the MDM server software resident within the software libraries. If non-authorized users were to make changes to software libraries, those changes could be implemented without undergoing the appropriate testing, validation, and approval, as well as lead to system degradation and denial of service.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44314r1_chk )
Review the MDM server configuration to ensure only the administrator can change software resident within software libraries. If any other user is allowed to change resident software within software libraries, this is a finding.

Fix Text (F-40605r1_fix)
Configure the MDM server to only allow the administrator to change software resident within software libraries.