STIGQter: STIG Summary: MobileIron Core v9.x MDM Security Technical Implementation Guide

Version: 1 Release: 4 Benchmark Date: 26 Jul 2019

The firewall protecting the MobileIron Core MDM server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support MDM server and platform functions.

DISA Rule

SV-85159r2_rule

Vulnerability Number

V-70537

Group Title

PP-MDM-991000

Rule Version

MICR-9X-110140

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DoD-approved firewall to deny all except for ports listed in the STIG Supplemental document.

Check Contents

Ask the MobileIron administrator for a list of ports, protocols and IP address ranges necessary to support MDM server and platform functionality (should also be listed in the STIG Supplemental Procedures document).

Review the list to determine if the stated required configuration is appropriate:

22/tcp open ssh
80/tcp open http
443/tcp open https
8443/tcp open https-alt

Compare the list against the configuration of the firewall, and identify discrepancies.

If the network firewall protecting the MobileIron Core MDM appliance is not configured to support only those ports, protocols, and IP address ranges necessary for operation, then this is a finding.
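
The comparison step of this check can be scripted. The following is an added example, not part of the STIG or of MobileIron's documentation: it diffs the required-port list above against a port listing observed through the firewall. It assumes both listings use the `PORT/PROTO STATE SERVICE` form shown above; the `OBSERVED` sample and the function names are constructed for illustration.

```python
import re

# Required services, copied from the check text above.
APPROVED = """\
22/tcp open ssh
80/tcp open http
443/tcp open https
8443/tcp open https-alt
"""

# Constructed sample of what is reachable through the firewall (not real data).
OBSERVED = """\
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
3306/tcp open     mysql
8080/tcp filtered http-proxy
8443/tcp closed   https-alt
"""

LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)(?:\s+\S+)?$")

def parse_ports(text, states=("open",)):
    """Return the set of (port, proto) pairs whose state is in `states`."""
    found = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, anything not PORT/PROTO STATE
        port, proto, state = int(m.group(1)), m.group(2), m.group(3)
        if 1 <= port <= 65535 and state in states:
            found.add((port, proto))
    return found

def compare(approved_text, observed_text):
    """Diff reachable ports against the approved list."""
    approved = parse_ports(approved_text)
    reachable = parse_ports(observed_text)
    unexpected = sorted(reachable - approved)  # allowed through but not required
    missing = sorted(approved - reachable)     # required but not reachable
    return {"finding": bool(unexpected), "unexpected": unexpected, "missing": missing}

if __name__ == "__main__":
    result = compare(APPROVED, OBSERVED)
    print("FINDING" if result["finding"] else "No unexpected ports")
    for port, proto in result["unexpected"]:
        print(f"  not in approved list: {port}/{proto}")
    for port, proto in result["missing"]:
        print(f"  approved but not reachable (review): {port}/{proto}")
```

This covers ports and protocols only; the IP address ranges named in the check still have to be compared against the firewall rule set itself.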

Documentable

False

Severity Override Guidance

Ask the MobileIron administrator for a list of ports, protocols and IP address ranges necessary to support MDM server and platform functionality (should also be listed in the STIG Supplemental Procedures document).

Review the list to determine if the stated required configuration is appropriate:

22/tcp open ssh
80/tcp open http
443/tcp open https
8443/tcp open https-alt

Compare the list against the configuration of the firewall, and identify discrepancies.

If the network firewall protecting the MobileIron Core MDM appliance is not configured to support only those ports, protocols, and IP address ranges necessary for operation, then this is a finding.

Check Content Reference

M

Target Key

3081

Comments