The MobileIron Core v10 server must be configured with a periodicity for reachable events of six hours or less for the following commands to the agent: - query connectivity status; - query the current version of the MD firmware/software; - query the current version of the hardware model of the device; - query the current version of installed mobile applications;

The MobileIron Core v10 server must be configured with a periodicity for reachable events of six hours or less for the following commands to the agent: - query connectivity status; - query the current version of the MD firmware/software; - query the current version of the hardware model of the device; - query the current version of installed mobile applications; - read audit logs kept by the MD.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-91815	MICR-10-000570	SV-101917r1_rule		Medium

Description
Key security-related status attributes must be queried frequently so the MobileIron Core v10 server can report status of devices under management to the administrator and management. The periodicity of these queries must be configured to an acceptable timeframe. Six hours or less is considered acceptable for normal operations. SFR ID: FMT_SMF.1.1(2) e

STIG	Date
MobileIron Core v10.x MDM Security Technical Implementation Guide	2019-02-19

Details

Check Text ( C-90973r1_chk )
Review the MDM server configuration settings. Verify the server is configured with a periodicity for reachable events of "six hours or less" for the following commands to the agent: - query connectivity status; - query the current version of the MD firmware/software; - query the current version of the hardware model of the device; - query the current version of installed mobile applications; - read audit logs kept by the MD. Verify the sync interval for a device: 1. In the Admin Portal, go to Policies & Config >> Policies. 2. Select the default sync policy. 3. Verify that the Sync Interval is set to "360 minutes or less". If the "Sync interval" is not set up to "360 minutes or less", this is a finding.

Check Text ( C-90973r1_chk )

Review the MDM server configuration settings.

Verify the server is configured with a periodicity for reachable events of "six hours or less" for the following commands to the agent:
- query connectivity status;
- query the current version of the MD firmware/software;
- query the current version of the hardware model of the device;
- query the current version of installed mobile applications;
- read audit logs kept by the MD.

Verify the sync interval for a device:
1. In the Admin Portal, go to Policies & Config >> Policies.
2. Select the default sync policy.
3. Verify that the Sync Interval is set to "360 minutes or less".

If the "Sync interval" is not set up to "360 minutes or less", this is a finding.

Fix Text (F-98017r1_fix)
Configure the MDM server with a periodicity for reachable events of "six hours or less" for the following commands to the agent: - query connectivity status; - query the current version of the MD firmware/software; - query the current version of the hardware model of the device; - query the current version of installed mobile applications; -read audit logs kept by the MD. Configure the "sync interval" for a device. To configure the frequency for starting the synchronization process between a device and MobileIron Core: 1. In the Admin Portal, go to Policies & Config >> Policies. 2. Select the default sync policy. 3. Set "Sync Interval" to the number of minutes between synchronizations to be "360 minutes or less". 4. Click "Save".

Fix Text (F-98017r1_fix)

Configure the MDM server with a periodicity for reachable events of "six hours or less" for the following commands to the agent:
- query connectivity status;
- query the current version of the MD firmware/software;
- query the current version of the hardware model of the device;
- query the current version of installed mobile applications;
-read audit logs kept by the MD.

Configure the "sync interval" for a device.
To configure the frequency for starting the synchronization process between a device and MobileIron Core:
1. In the Admin Portal, go to Policies & Config >> Policies.
2. Select the default sync policy.
3. Set "Sync Interval" to the number of minutes between synchronizations to be "360 minutes or less".
4. Click "Save".