STIGQter: STIG Summary: Jamf Pro v10.x EMM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 03 Feb 2020

The Jamf Pro EMM server must configure the MDM Agent/platform to enable the DoD required device enrollment restrictions allowed for enrollment [specific device model].

DISA Rule

SV-108673r1_rule

Vulnerability Number

V-99569

Group Title

PP-MDM-411046

Rule Version

JAMF-10-000440

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Build a Smart Device Group that matches DoD requirements, and ensure that group is within the exclusions of Configuration Profiles, Mobile Device Apps, etc.

1. Open Jamf Pro admin interface.
2. Select "Devices".
3. Select "Smart Device Groups".
4. Select "New".
5. Enter a name for the group.
6. Select "Criteria".
7. Select "Add" to add new Model, Model Identifier, or Model Number.
8. Continue to add all models that satisfy this requirement.
9. Select "Save".

Add this Smart Device Group to any Configuration Profile or Mobile Device App as an Exception Scope.

Check Contents

Verify device enrollment restrictions are set up to limit enrollment by iOS device.

1. Open Jamf Pro admin interface.
2. Select "Devices".
3. Select "Smart Device Groups".
4. Select desired device group.
5. Verify approved model numbers are listed.

If device enrollment restrictions are not set up, this is a finding.

Documentable

False

Severity Override Guidance

Verify device enrollment restrictions are set up to limit enrollment by iOS device.

1. Open Jamf Pro admin interface.
2. Select "Devices".
3. Select "Smart Device Groups".
4. Select desired device group.
5. Verify approved model numbers are listed.

If device enrollment restrictions are not set up, this is a finding.

Check Content Reference

M

Target Key

3593
