STIGQter: STIG Summary: MobileIron Core v9.x MDM Security Technical Implementation Guide

Version: 1

Release: 4

Benchmark Date: 26 Jul 2019

| Name | Title |
| --- | --- |
| SV-85139r1_rule | All MobileIron Core MDM server cryptography supporting DoD functionality must be configured to use FIPS 140-2 validated encryption modules. |
| SV-85141r1_rule | The MobileIron Core MDM server must be configured to leverage the MDM Platform user accounts and groups for MDM Server user identification and authentication. |
| SV-85143r1_rule | Before establishing a user session, the MobileIron Core MDM server must be configured to display an administrator-specified advisory notice and consent warning message regarding use of the MDM server. |
| SV-85145r1_rule | The MobileIron Core MDM server must be configured to block mobile devices that do not have required OS type and version. |
| SV-85147r1_rule | The MobileIron Core MDM server must be configured to record within each audit record required information: a. date and time of the event; b. type of event; c. mobile device identity; and d. [no other audit relevant information]. |
| SV-85149r1_rule | The MobileIron Core MDM server must be configured to block mobile devices that do not have required applications installed. |
| SV-85151r1_rule | The MobileIron Core MDM server must be configured to enable an audit record for the following auditable events: any event selected in the ST under FAU_ALT_EXT.2.1. |
| SV-85153r1_rule | The MobileIron Core MDM server must be configured with the Administrator roles: a. MD user. b. Server primary administrator. c. Security configuration administrator. d. Device user group administrator. e. Auditor. |
| SV-85155r1_rule | The MobileIron Core MDM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity. |
| SV-85157r1_rule | The MobileIron Core MDM server platform must be protected by a DoD-approved firewall. |
| SV-85159r2_rule | The firewall protecting the MobileIron Core MDM server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support MDM server and platform functions. |
| SV-85161r1_rule | The MobileIron Core MDM server appliance must be configured to terminate the network connection associated with a communications session at the end of any transaction with an MDM agent or other server or after 10 minutes of inactivity. |
| SV-85163r2_rule | The MobileIron Core MDM agent must be configured for the periodicity of reachability events for six hours or less. |
| SV-104389r1_rule | Only authorized versions of the MobileIron Core 9.x server must be used. |