STIGQter: STIG Summary: Jamf Pro v10.x EMM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 03 Feb 2020:

The Jamf Pro EMM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.

DISA Rule

SV-108683r1_rule

Vulnerability Number

V-99579

Group Title

PP-MDM-411058

Rule Version

JAMF-10-000610

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002226 - The organization defines the personnel or roles to whom privileged accounts are to be restricted on the information system.
• CCI-002227 - The organization restricts privileged accounts on the information system to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Administrator and Audit level permission groups are configured by default within Jamf Pro server.

Configure the additional group permissions by:

1. Open Jamf Pro server.
2. Open "Settings".
3. Select "Jamf Pro User Accounts and Groups".
4. Select "New".
5. Select "Create Standard Group", click "Next".
6. Fill out all the necessary information for creating the group including the privilege set.
7. Click "Save".
8. Repeat for each group of permissions that are needed.

Once completed, Jamf Pro EMM server will have the appropriate group level permissions available for applying to individual user accounts or AD groups.

Check Contents

Administrator and Audit level permission groups are configured by default within Jamf Pro server.

Verify the additional group permissions by:

1. Open Jamf Pro server.
2. Open "Settings".
3. Select "Jamf Pro User Accounts and Groups".
4. View the necessary information for each group has been created with appropriate privilege sets.

Jamf Pro EMM server will have the appropriate group level permissions available for applying to individual user accounts or AD groups.

If required administrator roles have not been set up on the server, this is a finding.

Vulnerability Number

V-99579

Documentable

False

Rule Version

JAMF-10-000610

Severity Override Guidance

Administrator and Audit level permission groups are configured by default within Jamf Pro server.

Verify the additional group permissions by:

1. Open Jamf Pro server.
2. Open "Settings".
3. Select "Jamf Pro User Accounts and Groups".
4. View the necessary information for each group has been created with appropriate privilege sets.

Jamf Pro EMM server will have the appropriate group level permissions available for applying to individual user accounts or AD groups.

If required administrator roles have not been set up on the server, this is a finding.

Check Content Reference

M

Target Key

3593

Comments