Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The MDM server must automatically audit administrator account modification.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36334 | SRG-APP-027-MDM-277-SRV | SV-47738r1_rule | Medium |
| Description |
|---|
| Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify an existing account. Auditing administrator account modification ensures forensic information is available to track these instances. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44575r1_chk ) |
|---|
| Review the MDM server configuration to determine whether the MDM server automatically audits administrator account modification. If the MDM server does not automatically audit administrator account modification, this is a finding. |
| Fix Text (F-40865r1_fix) |
|---|
| Configure the MDM server to automatically audit administrator account modification. |