STIGQter: STIG Summary: Jamf Pro v10.x EMM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 03 Feb 2020:

The Jamf Pro EMM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.

DISA Rule

SV-108675r1_rule

Vulnerability Number

V-99571

Group Title

PP-MDM-411047

Rule Version

JAMF-10-000460

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Perform the following procedure to configure the Jamf session lock to lock after a 15-minute period of inactivity.

Configuring the Variable in the JAMF web.xml File

On the Jamf Pro EMM host server, open the web.xml file:

If using macOS, the web.xml file is located at the following filepath:
/Library/JSS/Tomcat/webapps/ROOT/WEB-INF/

If using Windows, the web.xml file is located at the following filepath:
C:\Program Files\JSS\Tomcat\webapps\ROOT\WEB-INF\

If using Linux, the web.xml file is located at the following filepath:
/usr/local/jss/tomcat/webapps/ROOT/WEB-INF/

Locate the following setting:
<session-config>
<session-timeout>1</session-timeout>
</session-config>

Ensure that the code is not commented out. If the code is commented out, remove the comment tags <!-- --> that encase the code.

Modify the session-timeout to a value from 1 to 15.
Note: Session timeout is in minutes.

Restart Tomcat after modifying anything within the web.xml file.
See Starting and Stopping Tomcat for instructions in the Jamf admin guide.

Check Contents

Verify the Jamf Pro EMM server or platform is configured to initiate a session lock after a 15-minute period of inactivity.

Review the variable in the Jamf Pro web.xml file.

On the Jamf Pro host server, open the web.xml file:

If using macOS, the web.xml file is located at the following filepath:
/Library/JSS/Tomcat/webapps/ROOT/WEB-INF/

If using Windows, the web.xml file is located at the following filepath:
C:\Program Files\JSS\Tomcat\webapps\ROOT\WEB-INF\

If using Linux, the web.xml file is located at the following filepath:
/usr/local/jss/tomcat/webapps/ROOT/WEB-INF/

Locate the following setting:
<session-config>
<session-timeout>15</session-timeout>
</session-config>

Ensure that the code is not commented out. If the code is commented out, remove the comment tags <!-- --> that encase the code.
Note: Session timeout is in minutes.

If the code is commented out or session-timeout is not configured to "15" minutes or less, this is a finding.

Vulnerability Number

V-99571

Documentable

False

Rule Version

JAMF-10-000460

Severity Override Guidance

Verify the Jamf Pro EMM server or platform is configured to initiate a session lock after a 15-minute period of inactivity.

Review the variable in the Jamf Pro web.xml file.

On the Jamf Pro host server, open the web.xml file:

If using macOS, the web.xml file is located at the following filepath:
/Library/JSS/Tomcat/webapps/ROOT/WEB-INF/

If using Windows, the web.xml file is located at the following filepath:
C:\Program Files\JSS\Tomcat\webapps\ROOT\WEB-INF\

If using Linux, the web.xml file is located at the following filepath:
/usr/local/jss/tomcat/webapps/ROOT/WEB-INF/

Locate the following setting:
<session-config>
<session-timeout>15</session-timeout>
</session-config>

Ensure that the code is not commented out. If the code is commented out, remove the comment tags <!-- --> that encase the code.
Note: Session timeout is in minutes.

If the code is commented out or session-timeout is not configured to "15" minutes or less, this is a finding.

Check Content Reference

M

Target Key

3593

Comments