Samsung SDS EMM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
PP-MDM-411065
Group -
PP-MDM-413002
Group -
PP-MDM-414003
Group -
The Samsung SDS EMM server must be configured to use one-time password in addition to username and password for administrator logon to the server.
Two-factor authentication ensures strong authentication and access controls are in place for privileged accounts. But One-Time Passwords (OTP) do not meet DoD requirements that system administrator...Rule High Severity -
PP-MDM-992000
Group -
The Samsung SDS EMM server must be maintained at a supported version.
Versions of Samsung SDS EMM are maintained by Samsung SDS for specific periods of time. Unsupported versions will not receive security updates for new vulnerabilities which leaves them subject to e...Rule High Severity -
PP-MDM-431004
Group -
PP-MDM-431005
Group -
PP-MDM-431006
Group -
The firewall protecting the Samsung SDS EMM platform must be configured so that only DoD-approved ports, protocols, and services are enabled. See the DoD Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoD-approved ports, protocols, and services.
All ports, protocols, and services used on DoD networks must be approved and registered via the DoD PPSM process. This is to ensure that a risk assessment has been completed before a new port, prot...Rule Medium Severity -
PP-MDM-431010
Group -
The Samsung SDS EMM must limit the number of concurrent sessions to one session for all accounts and/or account types.
Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in li...Rule Medium Severity -
PP-MDM-991000
Group -
The Samsung SDS EMM must automatically disable accounts after a 35 day period of account inactivity (local accounts).
Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to...Rule Medium Severity -
PP-MDM-991000
Group -
PP-MDM-991000
Group -
PP-MDM-414002
Group -
The Samsung SDS EMM must be configured to leverage the MDM platform administrator accounts and groups for Samsung SDS EMM user identification and CAC authentication.
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromise...Rule High Severity -
PP-MDM-414003
Group -
Authentication of MDM platform accounts must be configured so they are implemented via an enterprise directory service.
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromise...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.