STIGQter: STIG Summary: MobileIron Core v10.x MDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 15 Feb 2019:

The MobileIron Core v10 server must be configured to display the required DoD warning banner upon administrator logon. Note: This requirement is not applicable if the TOE platform is selected in FTA_TAB.1.1 in the Security Target (ST).

DISA Rule

SV-101915r1_rule

Vulnerability Number

V-91813

Group Title

PP-MDM-311056

Rule Version

MICR-10-000550

Severity

CAT III

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

Configure the MDM server to display the appropriate warning banner text.

On the MDM console, do the following:
1. Logon to the MobileIron Core Server administrator portal as a user with the security configuration administrator role using a web browser.
2. Select "Settings" on the web page.
3. Select "General" on the web page.
4. Select "Logon" on the web page.
5. Check the "Enable Logon Text Box" on the web page.
6. Type the required banner text in the "Text to Display" dialog on the web page.
7. Select "Save" on the web page.

Check Contents

Review MDM server documentation and configuration settings to determine if the MDM server is using the warning banner and the wording of the banner is the required text.

On the MDM console, do the following:
1. Connect to the MobileIron Core Server using SSH.
2. Type in a user name and press "Enter".
3. Verify the required banner is displayed before the password prompt. The required text is found in the VulDiscussion.

If the required banner is not presented, this is a finding.

1. Connect to the MobileIron Core Server system manager portal using a web browser.
2. Verify the required banner is displayed on the web page. The required text is found in the VulDiscussion.

If the required banner is not presented, this is a finding.

1. Connect to the MobileIron Core Server administrator portal using a web browser.
2. Verify the required banner is displayed on the web page.

If the required banner is not presented, this is a finding.

Vulnerability Number

V-91813

Documentable

False

Rule Version

MICR-10-000550

Severity Override Guidance

Review MDM server documentation and configuration settings to determine if the MDM server is using the warning banner and the wording of the banner is the required text.

On the MDM console, do the following:
1. Connect to the MobileIron Core Server using SSH.
2. Type in a user name and press "Enter".
3. Verify the required banner is displayed before the password prompt. The required text is found in the VulDiscussion.

If the required banner is not presented, this is a finding.

1. Connect to the MobileIron Core Server system manager portal using a web browser.
2. Verify the required banner is displayed on the web page. The required text is found in the VulDiscussion.

If the required banner is not presented, this is a finding.

1. Connect to the MobileIron Core Server administrator portal using a web browser.
2. Verify the required banner is displayed on the web page.

If the required banner is not presented, this is a finding.

Check Content Reference

M

Target Key

3433

Comments