STIGQter: STIG Summary: Samsung SDS EMM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Sep 2020:

The Samsung SDS EMM must enforce the limit of three consecutive invalid logon attempts by a user.

DISA Rule

SV-225656r547755_rule

Vulnerability Number

V-225656

Group Title

PP-MDM-991000

Rule Version

SSDS-00-200250

Severity

CAT II

CCI(s)

• CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Weight

10

Fix Recommendation

Configure the Samsung SDS EMM to enforce the limit of three consecutive invalid logon attempts by an admin.

On the MDM console, do the following:
1. Log in to the Admin Console using a web browser.
2. Go to Setting >> Server >> Configuration and set "Maximum Failed Login Attempts" to "3".

Check Contents

Review the Samsung SDS EMM configuration settings and verify the server is configured to enforce the limit of three consecutive invalid logon attempts by admin.

On the MDM console, verify that the MDM console "Maximum Failed Login Attempts" is set to "3".

If the administrator incorrectly enters the login password three times, the account is locked.

If the MDM console Maximum Failed Login Attempts is not set to "3", this is a finding.

Vulnerability Number

V-225656

Documentable

False

Rule Version

SSDS-00-200250

Severity Override Guidance

Review the Samsung SDS EMM configuration settings and verify the server is configured to enforce the limit of three consecutive invalid logon attempts by admin.

On the MDM console, verify that the MDM console "Maximum Failed Login Attempts" is set to "3".

If the administrator incorrectly enters the login password three times, the account is locked.

If the MDM console Maximum Failed Login Attempts is not set to "3", this is a finding.

Check Content Reference

M

Target Key

4216

Comments