All UEM server local accounts created during application installation and configuration must be removed. Note: In this context local accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-234358	SRG-APP-000151-UEM-000085	SV-234358r617355_rule		Medium

Description
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). Satisfies:FMT_SMF.1.1(2) b / IA-5(1)(a) Reference:PP-MDM-431007

Description

A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). Satisfies:FMT_SMF.1.1(2) b / IA-5(1)(a) Reference:PP-MDM-431007

STIG	Date
Unified Endpoint Management Server Security Requirements Guide	2020-12-14

Details

Check Text ( C-37543r614084_chk )
Verify all UEM server local accounts created during application installation and configuration have been removed. Note: In this context "local" accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication. If all UEM server local accounts created during application installation and configuration have not been removed, this is a finding.

Check Text ( C-37543r614084_chk )

Verify all UEM server local accounts created during application installation and configuration have been removed.

Note: In this context "local" accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication.

If all UEM server local accounts created during application installation and configuration have not been removed, this is a finding.

Fix Text (F-37508r614085_fix)
Remove all UEM server local accounts created during application installation. Note: In this context "local" accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication.