The Samsung SDS EMM server must be configured to use one-time password in addition to username and password for administrator logon to the server.
An XCCDF Rule
Description
Two-factor authentication ensures strong authentication and access controls are in place for privileged accounts. But One-Time Passwords (OTP) do not meet DoD requirements that system administrators access privileged accounts via CAC authentication through a directory service (Active Directory). SFR ID: FIA
- ID: SV-225649r744410_rule
- Severity: High
Remediation - Manual Procedure
Use the following procedure for configuring the use of OTP authentication on the EMM server:
On the MDM console, do the following:
1. Log into the SDS EMM console.
2. Go to Setting >> Server >> Configuration >> Two-Factor Authentication.
3. Set Two-Factor Authentication to "No".