The MDM server device integrity validation component device integrity validation scan interval must be configurable (desired setting is 6 hours or less).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36184	SRG-APP-262-MDM-177-MDIS	SV-47588r1_rule		High

Description
Unauthorized changes to the operating system software or information on the system can possibly result in integrity or availability concerns. In order to quickly react to this situation, the operating system must detect these changes. One aspect of detection is the frequency at which the scans occur. The ability to set an appropriate frequency mitigates the risk that an attack will go without detection longer than the scanning interval.

Description

Unauthorized changes to the operating system software or information on the system can possibly result in integrity or availability concerns. In order to quickly react to this situation, the operating system must detect these changes. One aspect of detection is the frequency at which the scans occur. The ability to set an appropriate frequency mitigates the risk that an attack will go without detection longer than the scanning interval.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44424r2_chk )
Review the MDM server configuration to ensure the MDM server device integrity validation component can configure the device integrity validation scan interval (Desired setting is 6 hours or less). If this function is not present, this is a finding.

Fix Text (F-40714r2_fix)
Configure the MDM server device integrity validation component device integrity validation scan interval to 6 hours or less.