The Jamf Pro EMM server must configure the MDM Agent/platform to enable the DOD required device enrollment restrictions allowed for enrollment [specific device model].

An XCCDF Rule

Description

<VulnDiscussion>Good configuration management of a mobile device is a key capability for maintaining the mobile device’s security baseline. Restricting network access to only authorized devices is a key configuration management attribute. Device type is a key way to specify mobile devices that can be adequately secured. SFR ID: FMT_SMF.1.1(2) b, FIA_ENR_EXT.1.2</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-257255r916639_rule
Severity: Medium
References: CCI-000366
Updated: about 1 year ago

Build Smart Device Group that matches DOD requirements and said groups are within exclusions of Configuration Profiles, Mobile Device Apps, etc.

1. Open Jamf Pro admin interface.
2. Select "Devices".
3. Select "Smart Device Groups".
4. Select "New".5. Enter a name for the group.
6. Select "Criteria".
7. Select "Add" to add new Model, Model Identifier, or Model Number.
8. Continue to add all models that satisfy this requirement.
9. Select "Save".

Add this Smart Device Group to any Configuration Profile, Mobile Device Apps as an Exception Scope.

The Jamf Pro EMM server must configure the MDM Agent/platform to enable the DOD required device enrollment restrictions allowed for enrollment [specific device model].

Description

Remediation - Manual Procedure