Jamf Pro v10.x EMM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
PP-MDM-412003
Group -
When the Jamf Pro EMM server cannot establish a connection to determine the validity of a certificate, the server must not have the option to accept the certificate.
When a Jamf Pro EMM server accepts an unverified certificate, it may be trusting a malicious actor. For example, messages signed with an invalid certificate may contain links to malware, which coul...Rule Medium Severity -
The Jamf Pro EMM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
A session time-out lock is a temporary action taken when a user (MDM system administrator) stops work and moves away from the immediate physical vicinity of the information system but does not log ...Rule Medium Severity -
The Jamf Pro EMM server must be configured with an enterprise certificate for signing policies (if function is not automatically implemented during Jamf Pro EMM server install).
It is critical that only authorized certificates are used for key activities such as code signing for system software updates, code signing for integrity verification, and policy signing. Otherwise...Rule Medium Severity -
The Jamf Pro EMM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.
Having several administrative roles for the Jamf Pro EMM server supports separation of duties. This allows administrator-level privileges to be granted granularly, such as giving application manage...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.