The MDM server must only allow authorized administrators to associate PKI credentials with information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36268 | SRG-APP-012-MDM-239-SRV | SV-47672r1_rule | High |
| Description |
|---|
| Without the assurance of credential association with the information, policy decisions based on that association become faulty and potentially allow for authorization decisions that are applied incorrectly. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44508r1_chk ) |
|---|
| Review MDM server configuration to determine whether the MDM server only allows authorized administrators to associate PKI credentials with information. If the MDM server allows individuals other than authorized administrators to associate PKI credentials with information, this is a finding. |
| Fix Text (F-40798r1_fix) |
|---|
| Configure MDM server administrator accounts so only authorized administrators can associate PKI credentials with information. |