STIGQter STIGQter: STIG Summary: MobileIron Core v9.x MDM Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jul 2019: The MobileIron Core MDM server must be configured to leverage the MDM Platform user accounts and groups for MDM Server user identification and authentication.

DISA Rule

SV-85141r1_rule

Vulnerability Number

V-70519

Group Title

PP-MDM-204101

Rule Version

MICR-9X-100010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the MobileIron Core Server to leverage the MDM Platform user accounts and groups for MobileIron Core Server user identification and authentication.

1. Login to the MobileIron Core Server administrator portal as a user with the security configuration administrator role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.
4. Select "Add New" (or click the edit icon on an existing LDAP configuration).
5. Complete the LDAP configuration dialog providing the URL for the LDAP server, alternate URL if there is a backup LDAP server, user ID and password for the LDAP server, and for additional settings see pg. 45 "Configuring LDAP Servers" of the On-Premise Installation Guide.
6. Select "Save" to save the LDAP configuration.

Check Contents

Review MobileIron Core Server configuration settings to determine if the server is configured to leverage the MDM Platform user accounts and groups for MDM Server user identification and authentication.

Test the MobileIron Core Server LDAP configuration.
1. Login to the MobileIron Core Server administrator portal as a user with the security configuration administrator role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.
4. Click the edit icon on an existing LDAP configuration to be tested.
5. Select "Test" on the LDAP server configuration dialog.
6. Enter a valid LDAP User ID and optionally Group ID and select "Submit".
7. Repeat step 6 above and then enter an invalid LDAP user ID and the verification should fail.
8. Verify successful connection to an LDAP server.

If there is no existing LDAP configuration or the existing configuration does not connect to an LDAP server, this is a finding.

Vulnerability Number

V-70519

Documentable

False

Rule Version

MICR-9X-100010

Severity Override Guidance

Review MobileIron Core Server configuration settings to determine if the server is configured to leverage the MDM Platform user accounts and groups for MDM Server user identification and authentication.

Test the MobileIron Core Server LDAP configuration.
1. Login to the MobileIron Core Server administrator portal as a user with the security configuration administrator role using a web browser.
2. Select "Services" on the web page.
3. Select "LDAP" on the web page.
4. Click the edit icon on an existing LDAP configuration to be tested.
5. Select "Test" on the LDAP server configuration dialog.
6. Enter a valid LDAP User ID and optionally Group ID and select "Submit".
7. Repeat step 6 above and then enter an invalid LDAP user ID and the verification should fail.
8. Verify successful connection to an LDAP server.

If there is no existing LDAP configuration or the existing configuration does not connect to an LDAP server, this is a finding.

Check Content Reference

M

Target Key

3081

Comments