Authentication of MDM platform accounts must be configured so they are implemented via an enterprise directory service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity | 
| V-245526 | SSDS-00-000720 | SV-245526r744388_rule | | High | 
| Description | 
| A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire MDM server infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the MDM server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos). SFR ID: FIA | 
| STIG | Date | 
| Samsung SDS EMM Security Technical Implementation Guide | 2022-06-10 | 
Details
| Check Text (C-48800r744401_chk) | 
| Verify SDS EMM is leveraging the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication. Use one of the following methods: Method 1: - Attempt to log on to the SDS EMM console using a CAC. - Verify CAC log on was successful. Method 2: - Log in to the SDS EMM console. - Go to Settings >> Server >> Configuration. - Click "CAC Sign-In". - Verify CAC Sign-In has been set up. If SDS EMM is not leveraging the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication, this is a finding. | 
| Fix Text (F-48757r744400_fix) | 
| Configure SDS EMM to leverage the MDM platform administrator accounts and groups for user (system administrator) identification and CAC authentication. Complete the following procedures: 1. Follow necessary setup steps for Admin Registration, Tomcat Server Settings, Directory Settings found on the top of page 536 of the Samsung SDS EMM 2.2.5.3 Administrator Guide. (Refer to the "CAC Sign-In" section of the Appendix of the Samsung SDS EMM 2.2.5.3 Administrator Guide for detailed setting procedures in the CAC authentication/Directory Services environment for the SDS EMM.) 2. Enable CAC Sign-In by the following procedure: - Log in to the SDS EMM console. - Go to Settings >> Server >> Configuration. - Click "CAC Sign-In". - Configure the "CAC Sign-In Settings", "Port", and "Directory Service Name". - Click Save. |