STIGQter STIGQter: STIG Summary: VMware AirWatch v9.x MDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016: The firewall protecting the AirWatch MDM Server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support AirWatch MDM Server and platform functions.

DISA Rule

SV-86261r1_rule

Vulnerability Number

V-71637

Group Title

PP-MDM-991000

Rule Version

VMAW-09-200050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DoD-approved firewall to deny all except for ports listed in the STIG Supplemental document.

Check Contents

Ask the AirWatch MDM server administrator for a list of ports, protocols and IP address ranges necessary to support MDM server and platform functionality (should also be listed in the STIG Supplemental Procedures document).

Review the host-based firewall and determine if only required ports, protocols and IP address ranges necessary to support MDM server and platform functionality are turned on.

If the network firewall protecting the AirWatch MDM is not configured to support only those ports, protocols, and IP address ranges necessary for operation, this is a finding.

Vulnerability Number

V-71637

Documentable

False

Rule Version

VMAW-09-200050

Severity Override Guidance

Ask the AirWatch MDM server administrator for a list of ports, protocols and IP address ranges necessary to support MDM server and platform functionality (should also be listed in the STIG Supplemental Procedures document).

Review the host-based firewall and determine if only required ports, protocols and IP address ranges necessary to support MDM server and platform functionality are turned on.

If the network firewall protecting the AirWatch MDM is not configured to support only those ports, protocols, and IP address ranges necessary for operation, this is a finding.

Check Content Reference

M

Target Key

3103

Comments