STIGQter: STIG Summary: Jamf Pro v10.x EMM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 03 Feb 2020:

All Jamf Pro EMM server local accounts created during application installation and configuration must be disabled.

DISA Rule

SV-108697r1_rule

Vulnerability Number

V-99593

Group Title

PP-MDM-431007

Rule Version

JAMF-10-200040

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Disable all local accounts on the Jamf Pro EMM server with the following procedure. Note: The server service account should not be disabled.

1. Open "Settings".
2. Select "Jamf Pro User Accounts & Groups".
3. Select the user/accounts that need to be disabled.
4. Upon selection, click on the "Edit" button.
5. Change the "Access Status" to "Disabled".
6. Click "Save".
7. Repeat steps 3-6 for all local accounts.

Check Contents

Verify all local accounts on the Jamf Pro EMM server have been disabled. Note: the server service account is not disabled.

1. Log in to the Jamf pro EMM console.
2. Open "Settings".
3. Verify all Jamf Pro User Accounts & Groups have been disabled.

If all local accounts on the Jamf Pro EMM server have not been disabled, this is a finding.

Vulnerability Number

V-99593

Documentable

False

Rule Version

JAMF-10-200040

Severity Override Guidance

Verify all local accounts on the Jamf Pro EMM server have been disabled. Note: the server service account is not disabled.

1. Log in to the Jamf pro EMM console.
2. Open "Settings".
3. Verify all Jamf Pro User Accounts & Groups have been disabled.

If all local accounts on the Jamf Pro EMM server have not been disabled, this is a finding.

Check Content Reference

M

Target Key

3593

Comments