The MDM server must automatically audit administrator account modification.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36334 | SRG-APP-027-MDM-277-SRV | SV-47738r1_rule | Medium |
| Description |
|---|
| Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Auditing administrator account modification ensures forensic information is available to track these instances. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44575r1_chk ) |
|---|
| Review the MDM server configuration to determine whether the MDM server automatically audits administrator account modification. If the MDM server does not automatically audit administrator account modification, this is a finding. |
| Fix Text (F-40865r1_fix) |
|---|
| Configure the MDM server to automatically audit administrator account modification. |