The Samsung SDS EMM server must be configured to use one-time password in addition to username and password for administrator logon to the server.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-225649 | PP-MDM-414003 | SSDS-00-000725 | SV-225649r744410_rule | 2022-06-10 | 1 |
Description
Two-factor authentication ensures strong authentication and access controls are in place for privileged accounts. But One-Time Passwords (OTP) do not meet DoD requirements that system administrators access privileged accounts via CAC authentication through a directory service (Active Directory).
SFR ID: FIA
ℹ️ Check
Verify the EMM server has not been configured to use one-time password (OTP) for administrator logon to the server.
On the MDM console, do the following:
1. Log into the SDS EMM console.
2. Go to Setting >> Server >> Configuration >> Two-Factor Authentication.
3. Verify Two-Factor Authentication is set to "No".
If the EMM server has not been configured to disable one-time-password (OTP) for administrator logon to the server, this is a finding.
✔️ Fix
Use the following procedure for configuring the use of OTP authentication on the EMM server:
On the MDM console, do the following:
1. Log into the SDS EMM console.
2. Go to Setting >> Server >> Configuration >> Two-Factor Authentication.
3. Set Two-Factor Authentication to "No".
4. Save setting.