The Ivanti EPMM server must be configured to use a DoD Central Directory Service to provide multifactor authentication for network access to privileged and non-privileged accounts.
An XCCDF Rule
Description
<VulnDiscussion>A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). Satisfies: FIA Reference: PP-MDM-414003</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251406r1004727_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the MDM server to leverage the MDM platform user accounts and groups for MDM server user identification and authentication.
On the MDM console, do the following:
1. Log in to the MobileIron Core Server administrator portal as a user with the security configuration administrator role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.