The MDM server must maintain the binding of digital credentials to information with sufficient assurance that the information/credential association can be used as the basis for automated policy actions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36266 | SRG-APP-011-MDM-238-SRV | SV-47670r1_rule | High |
| Description |
|---|
| Without the assurance of credential association with the information, policy decisions based on that association become faulty and potentially allow for authorization decisions that are applied incorrectly. Sufficient assurance: assurance that the digital credential has not been removed, replaced or modified. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44506r1_chk ) |
|---|
| Review system documentation to determine whether the MDM server maintains the binding of digital credentials to information with sufficient assurance that the information/credential association can be used as the basis for automated policy actions. If these bindings are not maintained, this is a finding. |
| Fix Text (F-40796r1_fix) |
|---|
| Configure the MDM server to maintain the binding of digital credentials to information with sufficient assurance that the information/credential association can be used as the basis for automated policy actions. |