VMware AirWatch v9.x MDM Security Technical Implementation Guide

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V1R1

Published: 2016-09-20

Updated At: 2018-09-23 19:22:10


Rule: SV-86251r1_rule
Version: VMAW-09-000080
CCI: CCI-000366
Severity: MEDIUM
Title: The AirWatch MDM Server must be configured with the Administrator roles: a. MD user b. Server primary administrator c. Security configuration administrator d. Device user group administrator e. Auditor.
Description: Having several roles for the MDM Server supports separation of duties. This allows administrator-level privileges to be granted granularly, such as giving application management privileges to one group and security policy privileges to another group. This

Rule: SV-86253r1_rule
Version: VMAW-09-100010
CCI: CCI-002696
Severity: LOW
Title: The AirWatch MDM Agent must be configured for the periodicity of reachability events for six hours or less.
Description: Mobile devices that do not enforce security policy or verify the status of the device are vulnerable to a variety of attacks. The key security function of MDM technology is to distribute mobile device security policies in such a manner that they are enforc

Rule: SV-86255r1_rule
Version: VMAW-09-100060
CCI: CCI-000169
Severity: MEDIUM
Title: The AirWatch MDM Agent must be configured to alert via the trusted channel to the MDM server for the following event: failure to install an application from the MAS server.
Description: Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected, including when critical or security relevant applications have

Rule: SV-86257r1_rule
Version: VMAW-09-100080
CCI: CCI-000169
Severity: MEDIUM
Title: The AirWatch MDM Agent must be configured to alert via the trusted channel to the MDM server for the following event: failure to update an application from the MAS server.
Description: Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected, including when a critical or security relevant application was

Rule: SV-86259r1_rule
Version: VMAW-09-200040
CCI: CCI-000382
Severity: MEDIUM
Title: The AirWatch MDM Server platform must be protected by a DoD-approved firewall.
Description: Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Unneeded services and processes provide

Rule: SV-86261r1_rule
Version: VMAW-09-200050
CCI: CCI-000382
Severity: MEDIUM
Title: The firewall protecting the AirWatch MDM Server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support AirWatch MDM Server and platform functions.
Description: Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations. Since AirWatch MDM Server is a critic

Rule: SV-86269r1_rule
Version: VMAW-09-000550
CCI: CCI-000015
Severity: MEDIUM
Title: The AirWatch MDM Server must leverage the MDM Platform user accounts and groups for AirWatch MDM Server user identification and authentication and the MDM Platform accounts must be implemented via an enterprise directory service.
Description: A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM Server infrastructure is at r