Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35996 | SRG-MPOL-078 | SV-47312r1_rule | Low |
Description |
---|
The security posture of the MDM server could be compromised if the administrator is not trained to follow required procedures. |
STIG | Date |
---|---|
Mobile Policy Security Requirements Guide | 2013-07-03 |
Check Text ( C-44233r1_chk ) |
---|
Verify the MDM server administrator(s) has received annual required training. The site should document when the training was completed. The MDM server administrator must be trained on the following requirements: -Administrative service accounts will not be used to log into the MDM server or any server service. -Activation passwords or PINs will consist of a pseudo-random pattern of at least eight characters consisting of at least two letters and two numbers. A new activation password must be selected each time one is assigned (e.g., the same password cannot be used for all users or for a group of users). - User and group accounts on the CMD management server will always be assigned a STIG-compliant security/IT policy. If the MDM server admin did not receive required training annually, this is a finding. |
Fix Text (F-40523r1_fix) |
---|
Develop and publish policy mandating the MDM administrator completes and documents his/her training annually. |