STIGQter: STIG Summary: IBM MaaS360 with Watson v10.x MDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 26 Apr 2019:

The MaaS360 MDM server must be configured to display the required DoD warning banner upon administrator logon. Note: This requirement is not applicable if the TOE platform is selected in FTA_TAB.1.1 in the Security Target (ST).

DISA Rule

SV-96873r1_rule

Vulnerability Number

V-82159

Group Title

PP-MDM-311056

Rule Version

M360-10-006700

Severity

CAT III

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

Configure the MaaS360 server to display the appropriate warning banner text.

For SaaS, this step can only be implemented by the IBM Master Administrator. Ensure that "Branding UI" and "Admin Portal Usage Agreement" are enabled. The IBM Master Administrator will then edit the Terms of Agreement with the text provided by the DoD.

Check Contents

Review the MaaS360 server console configuration to determine if before establishing a user session, the server displays an administrator-specified advisory notice and consent warning message regarding use of the MaaS360 server.

On the MaaS360 console complete the following steps:
1. Have a System Administrator log on to the portal.
2. Verify that the approved DoD Banner is displayed before the user obtains access to the console.

If the MaaS360 server does not display an administrator-specified advisory notice and consent warning message regarding use of the MaaS360 server before establishing a user session, this is a finding.

Vulnerability Number

V-82159

Documentable

False

Rule Version

M360-10-006700

Severity Override Guidance

Review the MaaS360 server console configuration to determine if before establishing a user session, the server displays an administrator-specified advisory notice and consent warning message regarding use of the MaaS360 server.

On the MaaS360 console complete the following steps:
1. Have a System Administrator log on to the portal.
2. Verify that the approved DoD Banner is displayed before the user obtains access to the console.

If the MaaS360 server does not display an administrator-specified advisory notice and consent warning message regarding use of the MaaS360 server before establishing a user session, this is a finding.

Check Content Reference

M

Target Key

3403

Comments