STIGQter STIGQter: STIG Summary: IBM MaaS360 with Watson v10.x MDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 26 Apr 2019:

The MaaS360 server must be configured to enable all required audit events (if function is not automatically implemented during MDM/MAS server install): b. Failure to update an existing application on a managed mobile device.

DISA Rule

SV-96895r1_rule

Vulnerability Number

V-82181

Group Title

PP-MDM-323202

Rule Version

M360-10-100300

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the MaaS360 server to enable all required audit events: Failure to update an existing application on a managed mobile device.

On the MaaS360 Console, complete the following steps:
1. Navigate to Devices >> Groups.
2. Select "Add", "Device Groups", and create a new search with the conditions noted below.
3. Select "edit" for one of the identified groups and set the two conditions:
- Condition 1: "Software Installed", "Application Name", "Contains", "<Name of Application>"
- Condition 2: "Software Installed", "Full Version", "Contains","<latest version of Application>"
4. Select "Search" and then create a new device group and provide an appropriate group name and description.
5. Navigate to Security >> Compliance Rules.
6. Select one or more Rule Set Names that alert for failure to update an existing application on a managed mobile device.
7. Open “Rule Set Name” and select “Enforcement Rules”.
8. Set the “Application Compliance” to “enabled” and select "Alert" for “Enforcement Action”.
9. Go to Group Based Rules and assign the rule selected in Step 6 to the group identified in Step 4.

Check Contents

Review the MaaS360 server console and confirm the server is configured to alert for audit event failures on managed mobile devices.

On the MaaS360 Console, complete the following steps:
1. Navigate to Devices >> Groups.
2. Have the System Administrator identify one or more groups that alert for failure to update an existing application on a managed mobile device.
3. Select "edit" for one of the identified groups and verify that the two conditions exist:
- Condition 1: "Software Installed", "Application Name", "Contains", "<Name of Application>"
- Condition 2: "Software Installed", "Full Version", "Contains","<latest version of Application>"
4. Navigate to Security >> Compliance Rules.
5. Have the System Administrator identify one or more Rule Set Names that alert for failure to update an existing application on a managed mobile device.
6. Open “Rule Set Name” and select “Enforcement Rules”.
7. Verify that “Application Compliance” is enabled and "Alert" is selected for “Enforcement Action”.
8. Go to Group Based Rules and verify that the rule selected in Step 5 has been assigned to the group identified in Step 3.

If two conditions in the device group are not set correctly, or application compliance is not enabled and set correctly in the rule set name, or the rule is not assigned to the group, this is a finding.

Vulnerability Number

V-82181

Documentable

False

Rule Version

M360-10-100300

Severity Override Guidance

Review the MaaS360 server console and confirm the server is configured to alert for audit event failures on managed mobile devices.

On the MaaS360 Console, complete the following steps:
1. Navigate to Devices >> Groups.
2. Have the System Administrator identify one or more groups that alert for failure to update an existing application on a managed mobile device.
3. Select "edit" for one of the identified groups and verify that the two conditions exist:
- Condition 1: "Software Installed", "Application Name", "Contains", "<Name of Application>"
- Condition 2: "Software Installed", "Full Version", "Contains","<latest version of Application>"
4. Navigate to Security >> Compliance Rules.
5. Have the System Administrator identify one or more Rule Set Names that alert for failure to update an existing application on a managed mobile device.
6. Open “Rule Set Name” and select “Enforcement Rules”.
7. Verify that “Application Compliance” is enabled and "Alert" is selected for “Enforcement Action”.
8. Go to Group Based Rules and verify that the rule selected in Step 5 has been assigned to the group identified in Step 3.

If two conditions in the device group are not set correctly, or application compliance is not enabled and set correctly in the rule set name, or the rule is not assigned to the group, this is a finding.

Check Content Reference

M

Target Key

3403

Comments