Check: IMIC-11-010800
Ivanti MobileIron Core MDM Server STIG:
IMIC-11-010800
(in version v1 r1)
Title
The Ivanti MobileIron Core server must be maintained at a supported version. (Cat I impact)
Discussion
The UEM vendor maintains specific product versions for a specific period of time. MDM/EMM server versions no longer supported by the vendor will not receive security updates for new vulnerabilities, which leaves them subject to exploitation. Satisfies: FPT_TUD_EXT.1.1, FPT_TUD_EXT.1.2 Reference: PP-MDM-414005
Check Content
Verify the Core server version is a supported version. This requirement is Not Applicable for the cloud version of Core. Find the list of currently supported on-prem versions of Core server here: https://help.ivanti.com/mi/help/en_us/EML/3.16.1/rni/Content/EmailPlusiOSReleaseNotes/Support_and_compatibilit.htm Log onto the Core console and determine the installed version of Core: 1. Click on the round person icon in the top right corner of the Core console. 2. In the drop-down menu, select "About". 3. View the version of Core that is installed. 4. Verify the version is a supported version. If the installed version of the Core server is not a supported version, this is a finding.
Fix Text
Update Core to the most current version. If using the cloud version of Core, this requirement is automatically met.
Additional Identifiers
Rule ID: SV-251418r806386_rule
Vulnerability ID: V-251418
Group Title: SRG-APP-000456-UEM-000330
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002605 |
The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |
Controls
Number | Title |
---|---|
SI-2 |
Flaw Remediation |