UCF STIG Viewer Logo

The MDM server must ensure authentication of both mobile device MDM server agent and server during the entire session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36161 SRG-APP-219-MDM-160-MDM SV-47565r1_rule Medium
Description
MDM server can be prone to man-in-the middle attacks. If communication sessions are not provided appropriate validity protections, such as the employment of SSL Mutual Authentication authenticity of the data cannot be guaranteed.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44401r1_chk )
Review the MDM server configuration to ensure the MDM server ensures authentication of both mobile device MDM server agent and server during the entire session. If it does not, this is a finding.
Fix Text (F-40691r1_fix)
Configure the MDM server to authenticate both the mobile device MDM server agent and server during the entire session.