UCF STIG Viewer Logo

The Samsung SDS EMM agent must be configured for the periodicity of reachability events for six hours or less.


Overview

Finding ID Version Rule ID IA Controls Severity
V-73215 SEMM-15-200010 SV-87867r1_rule Low
Description
Mobile devices that do not enforce security policy or verify the status of the device are vulnerable to a variety of attacks. The key security function of MDM technology is to distribute mobile device security polices in such a manner that they are enforced on managed mobile devices. To accomplish this function, the Samsung SDS EMM agent must verify the status and other key information of the managed device and report that status to the MDM server periodically. SFR ID: FMT_SMF_EXT.3.2
STIG Date
Samsung SDS EMM v1.5.x Security Technical Implementation Guide 2017-01-20

Details

Check Text ( C-73317r1_chk )
Review the MDM agent configuration settings to determine if the agent is configured with a periodicity of reachable events set to six hours or less.

This validation procedure is performed on both the Samsung SDS EMM Server Admin Console.
1) Log in to the Samsung SDS EMM Server Admin Console using a web browser.
2) Go to Settings >> Service >> Configuration.
3) For Android: On row 20 verify “Inventory Collection Period for Android (Hrs)” is set to "6" or less.
4) For iOS: On row 21 verify “Inventory Collection Period for iOS (Hrs)” is set to "6" or less.

If the periodicity of reachable events is not set to "6" hours or less, this is a finding.
Fix Text (F-79661r1_fix)
Configure the MDM agent periodicity of reachable events to six hours or less.

On the MDM console, do the following:
1) Log in to the Samsung SDS EMM Server Admin Console using a web browser.
2) Go to Settings >> Service >> Configuration.
3) For Android: Ensure that row 20 “Inventory Collection Period for Android (Hrs)” shows a value of "6" or less.
4) For iOS: Ensure that row 21 “Inventory Collection Period for iOS (Hrs)” shows a value of "6" or less.
5) Click on the check-mark box in the top left of the "Configuration" screen to "Apply Changes".
6) Click “OK” on the “Notify” save completed window.

On the MDM agent, do the following:
No actions required on the MDM agent