
All Workspace ONE UEM server local accounts created during application installation and configuration must be disabled or removed.


Overview

Finding ID: V-221650
Version: VMW1-00-200040
Rule ID: SV-221650r805071_rule
IA Controls:
Severity: Medium
Description
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos).

Satisfies: SRG-APP-000148
SFR ID: FMT_SMF.1.1(2) b / IA-5(1)(a)
STIG: VMware Workspace ONE UEM Security Technical Implementation Guide
Date: 2021-11-04

Details

Check Text (C-23365r805069_chk)
Review the configuration for Workspace ONE UEM server administrative accounts for any local accounts:

1. Log in to the Workspace ONE UEM Administration console.
2. Choose Accounts >> Administrators >> List View.
3. Review user types under the Admin Type heading. If any users have an Admin Type of "Basic", this is a finding.

Exception: One local "Emergency" account may remain.
Fix Text (F-23354r805070_fix)
Configure the Workspace ONE UEM server to remove any local accounts created during installation and configuration.

Exception: One local "Emergency" account may remain.

1. Log in to the Workspace ONE UEM Administration console.
2. Choose Accounts >> Administrators >> List View.
3. Review user types under the Admin Type heading and select all users, and only those users, with an Admin Type of "Basic". Do NOT select users with an Admin Type of "Directory". Selecting one or more users with the "Basic" Admin Type will cause the "More Actions" drop-down to appear.
4. From the "More Actions" drop-down, select "Delete". This will result in an "Are you sure you want to delete this record?" pop-up box asking to confirm deletion of the selected account(s).
5. Click "OK" to delete the selected accounts.
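
The check above, and the set of accounts the fix would select, can be evaluated repeatably against an exported administrator list. The following is an added example, not part of the STIG or of VMware tooling. The CSV layout, the column names `Username` and `Admin Type`, the account names and the `audit_admins` helper are assumptions, and the sample data is constructed. It treats a "Basic" account as exempt only when the operator names it as the single emergency account.

```python
import csv
import io

# Constructed sample data. Column names "Username" and "Admin Type" are
# assumptions about an exported list, not a documented Workspace ONE format.
SAMPLE_EXPORT = """Username,Admin Type
svc-install,Basic
administrator,Basic
breakglass,Basic
jdoe,Directory
asmith, directory
tmp-config,BASIC
legacy,
"""

def audit_admins(csv_text, emergency_account=None):
    """Evaluate the check: any "Basic" admin other than the single
    designated emergency account is a finding."""
    exempt = emergency_account.strip().lower() if emergency_account else None
    to_delete, review, exempted = [], [], None
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = (row.get("Username") or "").strip()
        admin_type = (row.get("Admin Type") or "").strip().lower()
        if admin_type == "basic":
            if exempt and user.lower() == exempt and exempted is None:
                exempted = user          # the one allowed local account
            else:
                to_delete.append(user)   # local account: finding
        elif admin_type != "directory":
            review.append(user)          # blank/unknown type: check by hand
    return {
        "finding": bool(to_delete),
        "delete": to_delete,
        "emergency": exempted,
        "manual_review": review,
    }

if __name__ == "__main__":
    result = audit_admins(SAMPLE_EXPORT, emergency_account="breakglass")
    print("FINDING" if result["finding"] else "NOT A FINDING")
    for name in result["delete"]:
        print("  local account to delete:", name)
    for name in result["manual_review"]:
        print("  unrecognised Admin Type, review manually:", name)
    print("  emergency account retained:", result["emergency"])
```

Rows whose Admin Type is neither "Basic" nor "Directory" are reported for manual review rather than silently passed.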