A unique database name and a unique MySQL user with a secure password must be created for use in Jamf Pro EMM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-241800 | JAMF-10-100080 | SV-241800r1015735_rule | CCI-004062 | medium |
| Description | ||||
| If the default MySQL database name and password are not changed an adversary could gain unauthorized access to the application which could lead to the compromise of sensitive DOD data. SFR ID: FMT_SMF.1(2)b. / IA-5(1)(c) Satisfies: SRG-APP-000171 | ||||
| STIG | Date | |||
| Jamf Pro v10.x EMM Security Technical Implementation Guide | 2024-08-27 | |||
Related Frameworks
6 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-5(1)
1.00
- DISA · V3R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1714 mappings
3.5.10
1.00
- DISA · V3R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.7
1.00
- DISA · V3R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.8
1.00
- DISA · V3R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.9
1.00
- DISA · V3R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-004062
1.00
- DISA · V3R1 · disa_xccdf · related
Details
Check Text (C-241800r1015735_chk)
Verify a unique database name and a unique MySQL user with a secure password have been created for use in Jamf Pro EMM.
1. Execute the show databases command.
- Ensure at least one database name other than the default databases exits. The default databases are:
infomation_schema
mysql
performance_schema
sys
2. Verify there is a unique MySQL user.
- In MySQL, run select * mysql.user;
- Look for a user that is not Root or one of the other MySQL service accounts.
Both of these steps must be correct.
If a unique database name and a unique MySQL user with a secure password have not been created, this is a finding.
Fix Text (F-45035r685153_fix)
Create a unique database name and a unique MySQL user with a secure password. The procedure is found in the following Jamf Knowledge Base article:
https://www.jamf.com/jamf-nation/articles/542/title