The MDM server must notify appropriate individuals when administrator accounts are terminated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36081	SRG-APP-294-MDM-081-SRV	SV-47472r1_rule		Medium

Description
When MDM server accounts are terminated, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. In order to detect and respond to events that affect user accessibility and application processing, applications must notify the appropriate individuals when an account is terminated, so they can investigate the event. Such a capability greatly reduces the risk that application accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes.

Description

When MDM server accounts are terminated, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. In order to detect and respond to events that affect user accessibility and application processing, applications must notify the appropriate individuals when an account is terminated, so they can investigate the event. Such a capability greatly reduces the risk that application accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44320r1_chk )
Review the MDM server configuration to ensure the system is configured to notify appropriate individuals when administrator accounts are terminated. If the system is not configured to notify appropriate individuals when administrator accounts are terminated, this is a finding.

Fix Text (F-40611r1_fix)
Configure the MDM server to notify appropriate individuals when administrator accounts are terminated.