
The MDM server must ensure that PKI-based authentication maps the authenticated identity to the user account.


Overview

Finding ID: V-36241
Version: SRG-APP-177-MDM-223-MDM
Rule ID: SV-47645r1_rule
IA Controls:
Severity: Low
Description
The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. The authenticated identity must be mapped to an account for access and authorization decisions. This capability strengthens authentication to remote information systems and thus makes it less likely that such systems will be compromised.
STIG: Mobile Device Manager Security Requirements Guide
Date: 2013-01-24

Details

Check Text (C-44481r1_chk)
Direct the MDM server system administrator to log in to the MDM server using their CAC or Administrator Smartcard to verify the server supports PKI-based authentication. If a user cannot authenticate using their CAC or Administrator Smartcard, this is a finding.
Fix Text (F-40771r1_fix)
Configure the MDM server to support public-key certificate-based authentication.