V-71631 | Medium | The AirWatch MDM Agent must be configured to alert via the trusted channel to the MDM server for the following event: failure to install an application from the MAS server. | Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected,... |
V-71633 | Medium | The AirWatch MDM Agent must be configured to alert via the trusted channel to the MDM server for the following event: failure to update an application from the MAS server. | Audit logs and alerts enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify when the security posture of the device is not as expected,... |
V-71635 | Medium | The AirWatch MDM Server platform must be protected by a DoD-approved firewall. | Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential... |
V-71637 | Medium | The firewall protecting the AirWatch MDM Server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support AirWatch MDM Server and platform functions. | Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential... |
V-71627 | Medium | The AirWatch MDM Server must be configured with the Administrator roles:
a. MD user
b. Server primary administrator
c. Security configuration administrator
d. Device user group administrator
e. Auditor. | Having several roles for the MDM Server supports separation of duties. This allows administrator-level privileges to be granted granularly, such as giving application management privileges to one... |
V-71645 | Medium | The AirWatch MDM Server must leverage the MDM Platform user accounts and groups for AirWatch MDM Server user identification and authentication and the MDM Platform accounts must be implemented via an enterprise directory service. | A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker... |
V-71629 | Low | The AirWatch MDM Agent must be configured for the periodicity of reachability events for six hours or less. | Mobile devices that do not enforce security policy or verify the status of the device are vulnerable to a variety of attacks. The key security function of MDM technology is to distribute mobile... |