Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must perform required actions when a security related alert is received.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36166 | SRG-APP-286-MDM-164-MDM | SV-47570r1_rule | High |
| Description |
|---|
| Incident response functions are intended to monitor, detect, and alarm on defined events occurring on the system or on the network. A large part of their functionality is accurate and timely notification of events. Notifications can be made more efficient by the creation of notification groups containing members who would be responding to a particular alarm or event. Types of actions the MDM server must be able to perform after a security alert include: log the alert, send email to a system administrator, wipe the managed mobile device, lock the mobile device account on the MDM server, disable the security container, wipe the security container, and delete an unapproved application. Security alerts include any alert from the MDIS or MAM component of the MDM server. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44406r1_chk ) |
|---|
| Review the MDM server configuration to determine if it has the capability to perform required actions after receiving a security related alert. If the MDM server cannot perform required actions after receiving a security related alert, this is a finding. |
| Fix Text (F-40696r1_fix) |
|---|
| Use a MDM server that can perform required actions after receiving security related alerts. |