All Workspace ONE UEM server local accounts created during application installation and configuration must be disabled or removed.
An XCCDF Rule
Description
<VulnDiscussion>A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). Satisfies: SRG-APP-000148 SFR ID: FMT_SMF.1.1(2) b / IA-5(1)(a)</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-221650r805071_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the Workspace ONE UEM server to remove any local accounts created during installation and configuration.
Exception: One local "Emergency" account may remain.
1. Log in to the Workspace ONE UEM Administration console.
2. Choose Accounts >> Administrators >> List View.