UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

When the MDM server is configured to allow connections from managed mobile devices to back-office servers and network shares, the server must be configured to accept only trusted connections to those resources.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36157 SRG-APP-161-MDM-157-MDM SV-47561r1_rule Medium
Description
Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network shares, web servers, and other network resources located on the internal enclave (back-office servers, etc.). This connection bypasses user network authentication mechanisms (i.e., CAC authentication). Therefore, the MDM server must allow connections to only back-office network resources that support CAC authentication with the mobile device user. In this case, a trusted connection refers to mutual PKI based authentication between the MDM server and the network server.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44397r1_chk )
Review the MDM server configuration to ensure the MDM server is configured to accept only trusted connections to resources from managed mobile devices to back-office servers and network shares. If this is not configured, this is a finding.
Fix Text (F-40687r1_fix)
If the MDM server is configured to allow connections from managed mobile devices to back-office servers and network shares, configure the MDM server to accept only trusted connections to those resources.