Check: SSDS-00-000725
Samsung SDS EMM STIG:
SSDS-00-000725
(in versions v1 r3 through v1 r2)
Title
The Samsung SDS EMM server must be configured to use one-time password in addition to username and password for administrator logon to the server. (Cat I impact)
Discussion
Two-factor authentication ensures strong authentication and access controls are in place for privileged accounts. However, one-time passwords (OTP) do not meet the DoD requirement that system administrators access privileged accounts via CAC authentication through a directory service (Active Directory).
SFR ID: FIA
Check Content
Verify the EMM server has not been configured to use one-time password (OTP) for administrator logon to the server.
On the MDM console, do the following:
1. Log into the SDS EMM console.
2. Go to Setting >> Server >> Configuration >> Two-Factor Authentication.
3. Verify Two-Factor Authentication is set to "No".
If the EMM server has not been configured to disable one-time-password (OTP) for administrator logon to the server, this is a finding.
Fix Text
Use the following procedure for configuring the use of OTP authentication on the EMM server:
On the MDM console, do the following:
1. Log into the SDS EMM console.
2. Go to Setting >> Server >> Configuration >> Two-Factor Authentication.
3. Set Two-Factor Authentication to "No".
4. Save setting.
Additional Identifiers
Rule ID: SV-225649r744410_rule
Vulnerability ID: V-225649
Group Title: PP-MDM-414003
CCIs
Number | Definition |
---|---|
CCI-000015 | Support the management of system accounts using organization-defined automated mechanisms. |
Controls
Number | Title |
---|---|
AC-2(1) | Automated System Account Management |