The MDM server must have the capability to enable and disable a managed mobile device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36170	SRG-APP-134-MDM-166-MDM	SV-47574r1_rule		High

Description
Under some conditions, a compromised device represents a threat to other computing resources on the network. For example, a compromised device may attempt to conduct a denial of service attack on other devices, or may be executing a mechanism to spread malware before a countermeasure has been put in place. In these situations, it is critical that an MDM server be able to disable the device to protect other network resources.

Description

Under some conditions, a compromised device represents a threat to other computing resources on the network. For example, a compromised device may attempt to conduct a denial of service attack on other devices, or may be executing a mechanism to spread malware before a countermeasure has been put in place. In these situations, it is critical that an MDM server be able to disable the device to protect other network resources.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44410r1_chk )
Review the MDM server configuration to ensure the MDM server can enable and disable a managed mobile device. If this function is not present, this is a finding.

Fix Text (F-40700r1_fix)
Configure the MDM server so it can enable and disable a managed mobile device.