STIGQter STIGQter: STIG Summary: VMware AirWatch v9.x MDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016: The AirWatch MDM Agent must be configured to alert via the trusted channel to the MDM server for the following event: failure to install an application from the MAS server.

DISA Rule

SV-86255r1_rule

Vulnerability Number

V-71631

Group Title

PP-MDM-202005

Rule Version

VMAW-09-100060

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the AirWatch MDM Agent to alert via the trusted channel to the MDM server for the following event: alert for failure to install an application.

On the AirWatch console complete the following procedure to create a Required Application List, and a conjunctive Compliance Policy that is set to Alert the Administrator (will additionally create "Event" in AirWatch console "Event Log"):

1. Log into the AirWatch MDM Administration console.
2. Choose "Apps and Books".
3. Choose "Application Settings".
4. Choose "App Groups".
5. Choose "Add Group".
6. Set "Type" to "Required" and select applicable "Platform". (i.e., iOS or Android)
7. Give Organization defined "Name" for list.
8. Choose "Add Application".
9. Enter Application Names and Application ID's as defined by the Organization.
10. Choose "Next".
11. Set "Assignment" criteria as necessary to include all Organization defined user and/or device groups.
12. Choose "Finish".
13. Choose "Devices".
14. Choose "Compliance Policies".
15. Choose "List View".
16. Choose "Add".
17. Choose "Platform" (i.e., iOS or Android).
18. In "Rules" tab boxes, choose "Application List", and "Does Not Contain Required App(s)".
19. Choose "Next".
20. In "Actions" tab boxes, choose "Notify", "Send Email to Administrator", and enter Organization defined Administrators in "To:" box.
21. Choose "Next".
22. Add "Assigned Groups" of users/devices as defined by the Organization.
23. Choose "Next".
24. Choose "Finish and Activate".

Check Contents

Note: This procedure is the same as the procedure for VMAW-09-100080 and only has to be completed one time.

Review the AirWatch MDM Agent configuration settings and verify the Agent is configured to alert via the trusted channel to the MDM server for the following event: alert for failure to install an application.

On the AirWatch console complete the following procedure to ensure a Required Application List is created properly, and a conjunctive Compliance Policy is set to alert the Administrator (will additionally create an "Event" in the AirWatch console "Event Log"). There are two parts to this verification: 1) to verify that a Required Applications List was created properly, and 2) to verify that a conjunctive compliance policy is established:

1. Log into the AirWatch MDM Administration console.
2. Choose "Apps and Books".
3. Choose "Application Settings".
4. Choose "App Groups".
5. Under "Name" column, click on appropriate App Group List. (Get a list of app groups from the MDM Administrator.)
6. Verify on "List" tab that all organization required applications and versions are listed.
7. Choose "Cancel".
8. Choose "Devices".
9. Choose "Compliance Policies".
10. Choose "List View".
11. Under "Description" column, look for policy with the description of: "Application List".
12. Click on policy name.
13. On "Rules" tab, ensure boxes are selected for "Application List" and "Does Not Contain Required App(s)".
14. On "Actions" tab, ensure boxes are selected for "Notify", "Send Email to Administrator", and all organization assigned Administrators are listed in "To:" box (Note: With this set, the MDM Server Audit Function will also now record the Event automatically).

If under the "List" tab all organization required applications and versions are not listed; or on the "Rules" tab boxes are not selected for "Application List" and "Does Not Contain Required App(s)"; or on the "Actions" tab boxes are not selected for "Notify", "Send Email to Administrator", and all organization assigned Administrators are listed in "To:" box, this is a finding.

Vulnerability Number

V-71631

Documentable

False

Rule Version

VMAW-09-100060

Severity Override Guidance

Note: This procedure is the same as the procedure for VMAW-09-100080 and only has to be completed one time.

Review the AirWatch MDM Agent configuration settings and verify the Agent is configured to alert via the trusted channel to the MDM server for the following event: alert for failure to install an application.

On the AirWatch console complete the following procedure to ensure a Required Application List is created properly, and a conjunctive Compliance Policy is set to alert the Administrator (will additionally create an "Event" in the AirWatch console "Event Log"). There are two parts to this verification: 1) to verify that a Required Applications List was created properly, and 2) to verify that a conjunctive compliance policy is established:

1. Log into the AirWatch MDM Administration console.
2. Choose "Apps and Books".
3. Choose "Application Settings".
4. Choose "App Groups".
5. Under "Name" column, click on appropriate App Group List. (Get a list of app groups from the MDM Administrator.)
6. Verify on "List" tab that all organization required applications and versions are listed.
7. Choose "Cancel".
8. Choose "Devices".
9. Choose "Compliance Policies".
10. Choose "List View".
11. Under "Description" column, look for policy with the description of: "Application List".
12. Click on policy name.
13. On "Rules" tab, ensure boxes are selected for "Application List" and "Does Not Contain Required App(s)".
14. On "Actions" tab, ensure boxes are selected for "Notify", "Send Email to Administrator", and all organization assigned Administrators are listed in "To:" box (Note: With this set, the MDM Server Audit Function will also now record the Event automatically).

If under the "List" tab all organization required applications and versions are not listed; or on the "Rules" tab boxes are not selected for "Application List" and "Does Not Contain Required App(s)"; or on the "Actions" tab boxes are not selected for "Notify", "Send Email to Administrator", and all organization assigned Administrators are listed in "To:" box, this is a finding.

Check Content Reference

M

Target Key

3103

Comments