An error occurred:

Check: ARWA-01-000150

AirWatch MDM STIG: ARWA-01-000150 (in version v1 r3)

Title

The AirWatch MDM Server must be able to detect if the security policy has been modified, disabled, or bypassed on managed mobile devices. (Cat I impact)

Discussion

If the security policy has been modified in an unauthorized manner, IA is severely degraded and a variety of further attacks are possible. Detecting whether the security policy has been modified or disabled mitigates these risks.

Check Content

Review the AirWatch MDM Server configuration to ensure the AirWatch MDM Server can detect if the security policy has been modified, disabled, or bypassed on managed mobile devices. If this function is not present, this is a finding. To verify policies for the Compliance Engine, use the following procedure: (1) click "Menu" on top tool bar, (2) click "Compliance" under "Profiles and Policies" heading, and (3) click on applicable compliance policy. On Rules tab, verify the correct rule set for the applicable policy to be applied. (4) On Actions tab, verify the correct Action type to take Actionable Result is set. (5) On Assignment tab, verify correct device types, users, or groups are assigned. (Note: for "jailbroken" or "rooted device" detection, verify "Compromised Status" and "Is Compromised" is selected on Rules tab.

Fix Text

Configure the AirWatch MDM Server to detect if the security policy has been modified, disabled, or bypassed on managed mobile devices. To establish policies for the Compliance Engine, use the following procedure: (1) click "Add" from the top tool bar, and (2) click "Compliance Policy". On Rules tab select the following: (1a) To Match "All" or "Any" of the entered Rules, (2a) Choose deviation to detect on devices, and (3a) click "Next". (3) On Actions tab, select the following: (a) Choose Action type to take (command), and (b) Actionable Result, and (c) click Next. (4) On Assignment tab select device types, users, or groups to assign Policy to, and (5) click "Next". (6) View Summary for accuracy, and (7) click Save and Assign. (Note: for "jailbroken" or "rooted device" detection, select "Compromised Status" and "Is Compromised" on Rules tab.

Additional Identifiers

Rule ID: SV-60207r1_rule

Vulnerability ID: V-47335

Group Title: SRG-APP-137-MDM-151-MDM

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000372

Verify configuration settings for organization-defined system components using organization-defined automated mechanisms.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6(1)

Automated Central Management / Application / Verification