STIGQter: STIG Summary: Samsung SDS EMM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Sep 2020:

The Samsung SDS EMM must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.

DISA Rule

SV-225646r547725_rule

Vulnerability Number

V-225646

Group Title

PP-MDM-411058

Rule Version

SSDS-00-000570

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002226 - The organization defines the personnel or roles to whom privileged accounts are to be restricted on the information system.
• CCI-002227 - The organization restricts privileged accounts on the information system to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Configure the Samsung SDS EMM with the following Administrator roles:
- Server primary administrator
- Security configuration administrator
- Device user group administrator
- Auditor

On the MDM console, do the following to create users in the roles (b), (c) and (d):
1. Log in to the Samsung SDS EMM Server Admin Console using a web browser.
2. Go to Settings >> Admin Console >> Administrators and click on the "+" button near the top of the screen.
3. In the "Add Administrator" window, fill in the following once for each user account being created:
a. Choose the "New" radio button.
b. Fill in the "Admin ID" and "Admin Name" fields with a value for a new user.
c. To create a Security configuration administrator, do the following: Set the Type field to "Super".
d. To create a Device user group administrator, do the following: Set the Type field to "Common" and check all of the "Authorization" boxes.
e. To create an Auditor, do the following: Set the Type field to "common" and check only the Audit box.
4. Choose "Save" to create the account with the specified role.
5. Click "Yes" in next dialog box (Save box) to complete setup of user.

A user in the Server Primary Administrator role is created by defining a Windows Administrator account on the platform running the Samsung SDS EMM server. This is automatically created during server install.

Check Contents

Review the Samsung SDS EMM configuration settings and verify the server is configured with the following Administrator roles:
- Server primary administrator
- Security configuration administrator
- Device user group administrator
- Auditor

This validation procedure is performed on the MDM Administration Console.

On the MDM console, do the following to verify that users in the roles (b), (c), and (d) exist:
1. Log in to the Samsung SDS EMM Server Admin Console using a web browser.
2. Go to Settings >> Admin Console >> Administrators.
3. Observe that the user with the Security configuration administrator role is in the list on this screen, that the "Type" column indicates "Super", and that a modify symbol appears under all of the columns for "App", "Cert", "Org", "Profile", "Portal", and "Audit".
4. Observe that the user with the Device user group administrator role is in the list on this screen, that the "Type" column indicates "Common", and that a modify symbol appears under all of the columns for "App", "Cert", "Org", "Profile", "Portal", and "Audit".
5. Observe that the user with the Auditor role is in the list on this screen, that the "Type" column indicates "Common", and that a modify symbol appears only under the "Audit" column.

No verification is needed for the Server primary administrator since this role is always created automatically during server install.

If the MDM console is not configured with the required Administrator roles, this is a finding.

Vulnerability Number

V-225646

Documentable

False

Rule Version

SSDS-00-000570

Severity Override Guidance

Review the Samsung SDS EMM configuration settings and verify the server is configured with the following Administrator roles:
- Server primary administrator
- Security configuration administrator
- Device user group administrator
- Auditor

This validation procedure is performed on the MDM Administration Console.

On the MDM console, do the following to verify that users in the roles (b), (c), and (d) exist:
1. Log in to the Samsung SDS EMM Server Admin Console using a web browser.
2. Go to Settings >> Admin Console >> Administrators.
3. Observe that the user with the Security configuration administrator role is in the list on this screen, that the "Type" column indicates "Super", and that a modify symbol appears under all of the columns for "App", "Cert", "Org", "Profile", "Portal", and "Audit".
4. Observe that the user with the Device user group administrator role is in the list on this screen, that the "Type" column indicates "Common", and that a modify symbol appears under all of the columns for "App", "Cert", "Org", "Profile", "Portal", and "Audit".
5. Observe that the user with the Auditor role is in the list on this screen, that the "Type" column indicates "Common", and that a modify symbol appears only under the "Audit" column.

No verification is needed for the Server primary administrator since this role is always created automatically during server install.

If the MDM console is not configured with the required Administrator roles, this is a finding.

Check Content Reference

M

Target Key

4216

Comments