
The MDM server must perform required actions when a security related alert is received.


Overview

Finding ID: V-36166
Version: SRG-APP-286-MDM-164-MDM
Rule ID: SV-47570r1_rule
IA Controls:
Severity: High
Description
Incident response functions are intended to monitor, detect, and alarm on defined events occurring on the system or on the network. A large part of their functionality is accurate and timely notification of events. Notifications can be made more efficient by the creation of notification groups containing members who would be responding to a particular alarm or event. Types of actions the MDM server must be able to perform after a security alert include: log the alert, send email to a system administrator, wipe the managed mobile device, lock the mobile device account on the MDM server, disable the security container, wipe the security container, and delete an unapproved application. Security alerts include any alert from the MDIS or MAM component of the MDM server.
STIG: Mobile Device Manager Security Requirements Guide
Date: 2013-01-24

Details

Check Text (C-44406r1_chk)
Review the MDM server configuration to determine if it has the capability to perform required actions after receiving a security related alert. If the MDM server cannot perform required actions after receiving a security related alert, this is a finding.
Fix Text (F-40696r1_fix)
Use an MDM server that can perform required actions after receiving security related alerts.