The Samsung SDS EMM must be configured to leverage the MDM platform administrator accounts and groups for Samsung SDS EMM user identification and CAC authentication.
An XCCDF Rule
Description
<VulnDiscussion>A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). SFR ID: FIA</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245525r744387_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Configure SDS EMM to leverage the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication.
Complete the following procedures:
1. Follow necessary setup steps for Admin Registration, Tomcat Server Settings, Directory Settings found on the top of page 536 of the Samsung SDS EMM 2.2.5.3 Administrator Guide.
(Refer to the "CAC Sign-In" section of the Appendix of the Samsung SDS EMM 2.2.5.3 Administrator Guide for detailed setting procedures in the CAC authentication/Directory Services environment for the SDS EMM)
2. Enable CAC Sign-In by the following procedure: