Free DISA STIG and SRG Library | Vaulted

V-82171

Authentication of MaaS360 MDM platform accounts must be configured so they are implemented via an enterprise directory service.

Finding ID
M360-10-007800
Rule ID
SV-96885r1_rule
Severity
Cat II
CCE
(None)
Group Title
PP-MDM-314003
CCI
CCI-000015
Target Key
(None)
Documentable
No
Discussion

A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MaaS360 MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MaaS360 MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). SFR ID: FIA

Fix Text

Install Cloud Extender and configure it to connect to the Enterprise directory service for all portal connections.

Check Content

Perform the following steps to verify the MaaS360 portal is configured to use an Enterprise directory service for portal access: Verify the MaaS360 is configured to use the Cloud Extender that connects to the Enterprise authentication service: 1. Log in to the portal. 2. Navigate to "Users" on the menu bar. 3. Select "Directory". 4. Confirm that for every administrator listed, "User Source" has "User Directory (AD)" listed. If any listed administrator does not have "User Source" as "User Directory (AD)", this is a finding.