The MDM server must have a DoD approved host-based firewall installed on the host server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36430	SRG-APP-142-MDM-028-SRV	SV-47834r1_rule		High

Description
Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations. Since MDM server is a critical component of the mobility architecture and it must be configured to only those ports, protocols, and services (PPS) necessary to support functionality, all others must be expressly disabled or removed. A host firewall installed on the MDM server provides a protection mechanism to ensure unwanted service requests do not reach the MDM server and outbound traffic is limited to only MDM server functionality.

Description

Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations. Since MDM server is a critical component of the mobility architecture and it must be configured to only those ports, protocols, and services (PPS) necessary to support functionality, all others must be expressly disabled or removed. A host firewall installed on the MDM server provides a protection mechanism to ensure unwanted service requests do not reach the MDM server and outbound traffic is limited to only MDM server functionality.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44672r1_chk )
Examine the server configuration to determine whether there is a DoD approved host-based firewall installed. If no firewall is installed, this is a finding. If a non-approved firewall is installed, this is a finding.

Fix Text (F-40962r1_fix)
Remove any non-approved firewalls if present. Install a DoD approved host-based firewall.