An error occurred:

Check: SSDS-00-000720

Samsung SDS EMM STIG: SSDS-00-000720 (in versions v1 r3 through v1 r2)

Title

Authentication of MDM platform accounts must be configured so they are implemented via an enterprise directory service. (Cat I impact)

Discussion

A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). SFR ID: FIA

Check Content

Verify SDS EMM is leveraging the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication. Use one of the following methods: Method 1: - Attempt to log on to the SDS EMM console using a CAC. - Verify CAC log on was successful. Method 2: - Log in to the SDS EMM console. - Go to Settings >> Server >> Configuration. - Click "CAC Sign-In". - Verify CAC Sign-In has been set up. If SDS EMM is not leveraging the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication, this is a finding.

Fix Text

Configure SDS EMM to leverage the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication. Complete the following procedures: 1. Follow necessary setup steps for Admin Registration, Tomcat Server Settings, Directory Settings found on the top of page 536 of the Samsung SDS EMM 2.2.5.3 Administrator Guide. (Refer to the "CAC Sign-In" section of the Appendix of the Samsung SDS EMM 2.2.5.3 Administrator Guide for detailed setting procedures in the CAC authentication/Directory Services environment for the SDS EMM) 2. Enable CAC Sign-In by the following procedure: - Log in to the SDS EMM console. - Go to Settings >> Server >> Configuration. - Click "CAC Sign-In". - Configure the "CAC Sign-In Settings", Port", and "Directory Service Name". - Click Save.

Additional Identifiers

Rule ID: SV-245526r744388_rule

Vulnerability ID: V-245526

Group Title: PP-MDM-414003

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000015

The organization employs automated mechanisms to support the information system account management functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-2 (1)

Automated System Account Management