
Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide

Status: Archived
Version: V1R1
Release Date: Sep 14, 2021
SCAP Benchmark ID: S-a618b8951ede95b6304aa050fd85fa9d143516f8
Total Checks: 26
Tags: mobile
Severity breakdown: CAT I: 7, CAT II: 13, CAT III: 6

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (26)

  • V-250982 (MEDIUM): MobileIron Sentry must limit the number of concurrent sessions for the CLISH interface to an organization-defined number for each administrator account and/or administrator account type.
  • V-250983 (MEDIUM): MobileIron Sentry must be configured to limit the network access of the Sentry System Manager Portal behind the corporate firewall and whitelist source IP range.
  • V-250984 (MEDIUM): MobileIron Sentry must initiate a session lock after a 15-minute period of inactivity.
  • V-250985 (LOW): MobileIron Sentry must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.
  • V-250986 (LOW): MobileIron Sentry must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.
  • V-250987 (MEDIUM): MobileIron Sentry must display the Standard Mandatory DoD Notice and Consent Banner in the Sentry web interface before granting access to the device.
  • V-250988 (HIGH): MobileIron Sentry must be configured to use DoD PKI as multi-factor authentication (MFA) for interactive logins.
  • V-250989 (MEDIUM): MobileIron Sentry device must enforce a minimum 15-character password length.
  • V-250990 (MEDIUM): MobileIron Sentry must enforce password complexity by requiring that at least one upper-case character be used.
  • V-250991 (MEDIUM): MobileIron Sentry must enforce password complexity by requiring that at least one lower-case character be used.
  • V-250992 (MEDIUM): MobileIron Sentry must enforce password complexity by requiring that at least one numeric character be used.
  • V-250993 (MEDIUM): MobileIron Sentry must enforce password complexity by requiring that at least one special character be used.
  • V-250994 (HIGH): MobileIron Sentry, for PKI-based authentication, must be configured to map validated certificates to unique user accounts.
  • V-250995 (HIGH): MobileIron Sentry must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.
  • V-250996 (HIGH): MobileIron Sentry must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirement.
  • V-250997 (MEDIUM): MobileIron Sentry must generate unique session identifiers using a FIPS 140-2 approved random number generator.
  • V-250998 (LOW): MobileIron Sentry must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
  • V-250999 (MEDIUM): MobileIron Sentry must be configured to synchronize internal information system clocks using redundant authoritative time sources.
  • V-251000 (MEDIUM): The MobileIron Sentry must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).
  • V-251001 (HIGH): MobileIron Sentry must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.
  • V-251002 (LOW): MobileIron Sentry must off-load audit records onto a different system or media than the system being audited.
  • V-251003 (LOW): MobileIron Sentry must enforce access restrictions associated with changes to the system components.
  • V-251004 (LOW): MobileIron Sentry must be configured to conduct backups of system level information contained in the information system when changes occur.
  • V-251005 (MEDIUM): MobileIron Sentry must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
  • V-251006 (HIGH): MobileIron Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
  • V-251007 (HIGH): MobileIron Sentry must be running an operating system release that is currently supported by MobileIron.