The application must enforce dual authorization, based on organizational policies and procedures for organization defined privileged commands.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36376 | SRG-APP-034-NA | SV-47780r1_rule | Medium |
| Description |
|---|
| Dual authorization requires 2 distinct approving authorities to approve the use of an application command prior to it being invoked. This capability is typically reserved for specific application functionality where the application owner, data owner or organization requires an additional assurance that certain application commands are only invoked under the utmost authority. When a policy is defined stating that certain commands contained within an application require dual-authorization before they may be invoked, or when an organization defines a set of application related privileged commands requiring dual authorization, the application must support those requirements. Rationale for non-applicability: The IA posture of the MDM server does not warrant dual authorization, and is therefore out of scope for this version of the MDM SRG. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44618r1_chk ) |
|---|
| This requirement is NA for the MDM SRG. |
| Fix Text (F-40908r1_fix) |
|---|
| The requirement is NA. No fix is required. |