The MDM server must be able to detect if the security policy has been modified, disabled, or bypassed on managed mobile devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36152 | SRG-APP-137-MDM-151-MDM | SV-47556r1_rule | High |
| Description |
|---|
| If the security policy has been modified in an unauthorized manner, IA is severely degraded and a variety of further attacks are possible. Detecting whether the security policy has been modified or disabled mitigates these risks. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44392r1_chk ) |
|---|
| Review the MDM server configuration to ensure the MDM server can detect if the security policy has been modified, disabled, or bypassed on managed mobile devices. If this function is not present, this is a finding. |
| Fix Text (F-40682r1_fix) |
|---|
| Configure the MDM server to detect if the security policy has been modified, disabled, or bypassed on managed mobile devices. |