STIGQter: STIG Summary: MobileIron Core v10.x MDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 15 Feb 2019:

Authentication of MDM platform accounts must be configured so they are implemented via an enterprise directory service.

DISA Rule

SV-101923r1_rule

Vulnerability Number

V-91821

Group Title

PP-MDM-314003

Rule Version

MICR-10-000660

Severity

CAT II

CCI(s)

• CCI-000015 - The organization employs automated mechanisms to support the information system account management functions.

Weight

10

Fix Recommendation

Configure the MDM server to leverage the MDM platform user accounts and groups for MDM server user identification and authentication.

On the MDM console, do the following:
1. Logon to the MobileIron Core Server administrator portal as a user with the "security configuration administrator" role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.
4. Select "Add New" (or click the "edit" icon on an existing LDAP configuration).
5. Complete the LDAP configuration dialog providing the URL for the LDAP server, alternate URL if there is a backup LDAP server, user ID and password for the LDAP server, and for additional settings see "Configuring LDAP Servers" section in the On-Premise Installation Guide.
6. Select "Save" to save the LDAP configuration.

Check Contents

On the MDM console, do the following:
1. Logon to the MobileIron Core Server administrator portal as a user with the "security configuration administrator" role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.
4. Click the "edit" icon on an existing LDAP configuration to be tested.
5. Select "Test" on the LDAP server configuration dialog.
6. Enter a valid LDAP user ID.
7. Select "Submit".
8. Verify the LDAP query is successful and shows user attributes in a dialog box.

If the MDM server does not leverage the MDM platform user accounts and groups for the MDM server user identification and authentication, this is a finding.

Vulnerability Number

V-91821

Documentable

False

Rule Version

MICR-10-000660

Severity Override Guidance

On the MDM console, do the following:
1. Logon to the MobileIron Core Server administrator portal as a user with the "security configuration administrator" role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.
4. Click the "edit" icon on an existing LDAP configuration to be tested.
5. Select "Test" on the LDAP server configuration dialog.
6. Enter a valid LDAP user ID.
7. Select "Submit".
8. Verify the LDAP query is successful and shows user attributes in a dialog box.

If the MDM server does not leverage the MDM platform user accounts and groups for the MDM server user identification and authentication, this is a finding.

Check Content Reference

M

Target Key

3433

Comments