When the MDM server is configured to allow connections from managed mobile devices to back-office servers and network shares, the server must be configured to accept only trusted connections to those resources.


Overview

Finding ID: V-36157
Version: SRG-APP-161-MDM-157-MDM
Rule ID: SV-47561r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network shares, web servers, and other network resources located on the internal enclave (back-office servers, etc.). Such a connection bypasses the user network authentication mechanisms (i.e., CAC authentication). Therefore, the MDM server must allow connections only to back-office network resources that support CAC authentication of the mobile device user. In this context, a trusted connection refers to mutual PKI-based authentication between the MDM server and the network server.

STIG: Mobile Device Manager Security Requirements Guide
Date: 2013-01-24

Details

Check Text (C-44397r1_chk)
Review the MDM server configuration to ensure the MDM server is configured to accept only trusted connections to resources from managed mobile devices to back-office servers and network shares. If this is not configured, this is a finding.
Fix Text (F-40687r1_fix)
If the MDM server is configured to allow connections from managed mobile devices to back-office servers and network shares, configure the MDM server to accept only trusted connections to those resources.
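The check above is a manual configuration review. As an added example (not part of the STIG and not any MDM product's own API), the following Python audits a constructed, hypothetical MDM configuration of back-office resource connections and reports every connection that does not meet the "trusted connection" definition from the Description: TLS to the resource, validation of the resource server's certificate against a trust anchor, a client certificate presented by the MDM server (mutual PKI authentication), and CAC/PKI authentication of the mobile device user. The configuration schema, resource names and CA bundle path are assumptions for illustration.

```python
"""Audit MDM back-office resource connections for the 'trusted connection'
requirement (mutual PKI authentication plus CAC user authentication).

The JSON schema used here is a constructed assumption for this example;
real MDM products expose equivalent settings in their own formats.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed user-authentication methods that satisfy the CAC requirement.
TRUSTED_USER_AUTH = {"cac", "piv", "pki"}


@dataclass
class ResourceConnection:
    name: str
    url: str
    tls: bool = False
    verify_server_cert: bool = False
    trusted_ca_bundle: Optional[str] = None   # trust anchor for the resource server cert
    client_cert: Optional[str] = None         # MDM server's own cert (mutual PKI auth)
    user_auth: str = "none"                   # how the resource authenticates the user


def connection_findings(conn: ResourceConnection) -> List[str]:
    """Return the reasons this connection is NOT trusted (empty list == trusted)."""
    reasons = []
    if not conn.tls or not conn.url.lower().startswith("https://"):
        reasons.append("connection is not protected by TLS")
    if not conn.verify_server_cert or not conn.trusted_ca_bundle:
        reasons.append("resource server certificate is not validated against a trust anchor")
    if not conn.client_cert:
        reasons.append("MDM server presents no client certificate (no mutual PKI authentication)")
    if conn.user_auth.lower() not in TRUSTED_USER_AUTH:
        reasons.append(f"resource does not require CAC/PKI user authentication (uses {conn.user_auth!r})")
    return reasons


def audit(connections: List[ResourceConnection]) -> Dict[str, List[str]]:
    """Map each non-compliant connection name to its findings; an empty dict means compliant."""
    result = {}
    for conn in connections:
        findings = connection_findings(conn)
        if findings:
            result[conn.name] = findings
    return result


def load_connections(config_json: str) -> List[ResourceConnection]:
    """Parse the assumed JSON schema: {"back_office_connections": [ {...}, ... ]}."""
    data = json.loads(config_json)
    return [ResourceConnection(**entry) for entry in data["back_office_connections"]]


# Constructed sample configuration: one compliant entry and two findings.
SAMPLE_CONFIG = """
{
  "back_office_connections": [
    {"name": "sharepoint", "url": "https://sp.example.mil", "tls": true,
     "verify_server_cert": true, "trusted_ca_bundle": "/etc/pki/dod-ca-bundle.pem",
     "client_cert": "/etc/pki/mdm-server.pem", "user_auth": "cac"},
    {"name": "file-share", "url": "https://files.example.mil", "tls": true,
     "verify_server_cert": true, "trusted_ca_bundle": "/etc/pki/dod-ca-bundle.pem",
     "client_cert": null, "user_auth": "ntlm"},
    {"name": "legacy-intranet", "url": "http://intranet.example.mil", "tls": false,
     "verify_server_cert": false, "trusted_ca_bundle": null,
     "client_cert": null, "user_auth": "password"}
  ]
}
"""
SAMPLE_CONNECTIONS = load_connections(SAMPLE_CONFIG)

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_CONNECTIONS).items():
        print(f"FINDING: {name}")
        for reason in reasons:
            print(f"  - {reason}")
```

A non-empty result from audit() corresponds to "this is a finding" in the Check Text; the fix is to remove the flagged resource from the MDM's allowed list or reconfigure the connection so that all four conditions hold.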