Unified Endpoint Management Server Security Requirements Guide
Pick two releases to diff their requirements.
Open a previous version of this STIG.
Supporting documents 4 PDFs
Bundled by DISA alongside this STIG release: overview, revision history, and readme files. Download the full archive or open an individual PDF.
Digest of Updates −1 ✎ 119
Comparison against the immediately-prior release (V2R4). Rule matching uses the Group Vuln ID. Content-change detection compares the rule’s description, check, and fix text after stripping inline markup — cosmetic-only edits aren’t flagged.
Removed rules 1
- V-234354 Medium The UEM server must be configured to use only documented platform APIs.
Content changes 119
- V-234275 Medium description The UEM server must limit the number of concurrent sessions per privileged user account to three or less concurrent sessions.
- V-234276 Medium description The UEM server must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
- V-234277 Medium description The UEM server must initiate a session lock after a 15-minute period of inactivity.
- V-234278 Medium description The MDM server must provide the capability for users to directly initiate a session lock.
- V-234279 Medium description The MDM server must retain the session lock until the user reestablishes access using established identification and authentication procedures.
- V-234283 Medium description The UEM server must use TLS 1.2, or higher, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
- V-234286 Medium check The UEM server must provide automated mechanisms for supporting account management functions.
- V-234287 Medium descriptioncheck The UEM server must automatically remove or disable temporary user accounts after 72 hours if supported by the UEM server.
- V-234288 Medium descriptioncheck The UEM server must automatically disable accounts after a 35-day period of account inactivity.
- V-234289 Medium descriptioncheck The UEM server must automatically audit account creation.
- V-234290 Medium descriptioncheck The UEM server must automatically audit account modification.
- V-234291 Medium descriptioncheck The UEM server must automatically audit account disabling actions.
- V-234292 Medium descriptioncheck The UEM server must automatically audit account removal actions.
- V-234310 Medium descriptioncheck The UEM server must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
- V-234311 Medium descriptioncheckfix The UEM server must display the Standard Mandatory DoW Notice and Consent Banner before granting access to the application.
- V-234312 Low description The UEM server must retain the access banner until the user acknowledges acceptance of the access conditions.
- V-234318 Medium descriptioncheckfix The UEM server must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation.
- V-234323 Medium descriptioncheckfix The UEM server must provide audit record generation capability for DoW-defined auditable events within all application components.
- V-234324 Medium descriptioncheckfix The UEM server must be configured to provide audit records in a manner suitable for the authorized administrators to interpret the information.
- V-234325 Medium description The UEM server must be configured to allow only specific administrator roles to select which auditable events are to be audited.
- V-234326 Medium description The UEM server must generate audit records when successful/unsuccessful attempts to access privileges occur.
- V-234327 Medium description The UEM server must initiate session auditing upon startup.
- V-234328 Medium description The UEM server must be configured to produce audit records containing information to establish what type of events occurred.
- V-234329 Medium description The UEM server must be configured to produce audit records containing information to establish when (date and time) the events occurred.
- V-234330 Medium description The UEM server must be configured to produce audit records containing information to establish where the events occurred.
- V-234331 Medium description The UEM server must be configured to produce audit records containing information to establish the source of the events.
- V-234332 Medium description The UEM server must be configured to produce audit records that contain information to establish the outcome of the events.
- V-234333 Medium description The UEM server must be configured to generate audit records containing information that establishes the identity of any individual or process associated with the event.
- V-234334 Medium description The UEM server must be configured to generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
- V-234335 Medium description The UEM SRG must alert the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure.
- V-234340 Medium description The UEM server must use host operating system clocks to generate time stamps for audit records.
- V-234341 Medium description The UEM server must protect audit information from any type of unauthorized read access.
- V-234342 Medium description The UEM server must protect audit information from unauthorized modification.
- V-234343 Medium description The UEM server must protect audit information from unauthorized deletion.
- V-234347 Medium description The UEM server must back up audit records at least every seven days onto a log management server.
- V-234349 Medium description The UEM server must prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.
- V-234351 Medium description The UEM server must limit privileges to change the software resident within software libraries.
- V-234352 Medium descriptioncheckfix The UEM server must be configured to disable nonessential capabilities.
- V-234353 Medium descriptioncheckfix The firewall protecting the UEM server platform must be configured so only DoW-approved ports, protocols, and services are enabled. (Refer to the DoW Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoW-approved ports, protocols, and services).
- V-234355 Medium descriptioncheck The UEM server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
- V-234356 Medium descriptioncheckfix The UEM server must be configured to use a DoW Central Directory Service to provide multifactor authentication for network access to privileged and nonprivileged accounts.
- V-234358 Medium description All UEM server local accounts created during application installation and configuration must be removed. Note: In this context local accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication.
- V-234360 Medium descriptioncheck The UEM server must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
- V-234361 Medium descriptioncheckfix The UEM server must be configured to use DoW PKI for multifactor authentication. This requirement is included in SRG-APP-000149.
- V-234363 High descriptioncheck The UEM server must use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts.
- V-234364 Medium descriptioncheck The UEM server must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts.
- V-234367 Medium description The UEM server must enforce a minimum 15-character password length.
- V-234368 Medium description The UEM server must prohibit password reuse for a minimum of five generations.
- V-234369 Medium description The UEM server must enforce password complexity by requiring that at least one uppercase character be used.
- V-234370 Medium description The UEM server must enforce password complexity by requiring that at least one lowercase character be used.
- V-234371 Medium description The UEM server must enforce password complexity by requiring that at least one numeric character be used.
- V-234372 Medium description The UEM server must enforce password complexity by requiring that at least one special character be used.
- V-234374 Medium description For UEM server using password authentication, the application must store only cryptographic representations of passwords.
- V-234375 High description For UEM server using password authentication, the network element must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
- V-234377 Medium description The UEM server must enforce a 60-day maximum password lifetime restriction.
- V-234378 Medium descriptioncheck When using PKI-based authentication for user access, the UEM server must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
- V-234379 Medium description When the UEM server cannot establish a connection to determine the validity of a certificate, the server must be configured not to have the option to accept the certificate.
- V-234380 Medium descriptioncheck The UEM server, when using PKI-based authentication, must enforce authorized access to the corresponding private key.
- V-234381 Medium descriptioncheck The UEM server must map the authenticated identity to the individual user or group account for PKI-based authentication.
- V-234382 Medium description The UEM server must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
- V-234383 High descriptioncheckfix The UEM server must use FIPS-validated SHA-2 or higher hash function to protect the integrity of keyed-hash message authentication code (HMAC), Key Derivation Functions (KDFs), Random Bit Generation, and hash-only applications.
- V-234390 Medium description The UEM server must be configured to provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS].
- V-234391 Medium description The UEM server must be configured to invoke either host-OS functionality or server functionality to provide a trusted communication channel between itself and remote administrators that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -IPsec, -SSH, -TLS, -HTTPS].
- V-234392 Medium description The UEM server must be configured to invoke either host-OS functionality or server functionality to provide a trusted communication channel between itself and managed devices that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -TLS, -HTTPS].
- V-234405 Medium description The UEM server must protect the authenticity of communications sessions.
- V-234410 Medium description In the event of a system failure, the UEM server must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
- V-234424 Medium description The UEM server must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
- V-234425 Medium description The UEM server must reveal error messages only to the information system security manager (ISSM) and information system security officer (ISSO).
- V-234430 Medium description The application must notify the information system security manager (ISSM) and information system security officer (ISSO) of failed security verification tests.
- V-234438 Medium descriptioncheck The UEM server must notify system administrators (SAs) and the information system security officer (ISSO) when accounts are created.
- V-234439 Medium descriptioncheck The UEM server must notify system administrators (SAs) and the information system security officer (ISSO) when accounts are modified.
- V-234440 Medium descriptioncheck The UEM server must notify system administrators (SAs) and the information system security officer (ISSO) for account disabling actions.
- V-234441 Medium descriptioncheck The UEM server must notify system administrators (SAs) and the information system security officer (ISSO) for account removal actions.
- V-234442 Medium description The UEM server must automatically terminate a user session after an organization-defined period of user inactivity.
- V-234443 Medium description The UEM server must provide logout capability for user-initiated communication sessions.
- V-234465 Medium descriptioncheck The UEM server must automatically audit account-enabling actions.
- V-234466 Medium descriptioncheck The UEM server must notify system administrator (SA) and information system security officer (ISSO) of account enabling actions.
- V-234475 Medium description The UEM server must be configured to have at least one user in defined administrator roles.
- V-234489 Medium description The UEM server must audit the execution of privileged functions.
- V-234491 Medium descriptioncheck The UEM server must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
- V-234500 Medium description The UEM server must be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
- V-234516 Medium description The UEM server must be configured to record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
- V-234521 Medium description The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.
- V-234523 Medium description The UEM server must enforce access restrictions associated with changes to the server configuration.
- V-234524 Medium description The UEM server must audit the enforcement actions used to restrict access associated with changes to the application.
- V-234526 Medium descriptioncheckfix The UEM server must disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or nonsecure.
- V-234538 High descriptioncheckfix Before establishing a connection to any endpoint device being managed, the UEM server must establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device.
- V-234543 Medium descriptioncheck The UEM server must prohibit the use of cached authenticators after an organization-defined time period.
- V-234573 Medium descriptioncheckfix The UEM server must only allow the use of DoW PKI established certificate authorities for verification of the establishment of protected sessions.
- V-234574 Medium description The UEM server must be configured to use X.509v3 certificates for code signing for system software updates.
- V-234575 Medium description The UEM server must be configured to use X.509v3 certificates for code signing for integrity verification.
- V-234588 High description The UEM server must connect to [assignment: [list of applications]] and managed mobile devices with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
- V-234622 Medium description The UEM server must be configured with the periodicity of the following commands to the agent of six hours or less: - query connectivity status; - query the current version of the managed device firmware/software; - query the current version of installed mobile applications; - read audit logs kept by the managed device.
- V-234624 Medium descriptioncheckfix The UEM server must alert the system administrator (SA) when anomalies in the operation of security functions are discovered.
- V-234642 Medium description The UEM server must generate audit records when successful/unsuccessful attempts to access security objects occur.
- V-234645 Medium description The UEM server must generate audit records when successful/unsuccessful attempts to modify privileges occur.
- V-234646 Medium description The UEM server must generate audit records when successful/unsuccessful attempts to modify security objects occur.
- V-234649 Medium description The UEM server must generate audit records when successful/unsuccessful attempts to delete privileges occur.
- V-234651 Medium description The UEM server must generate audit records when successful/unsuccessful attempts to delete security objects occur.
- V-234653 Medium description The UEM server must generate audit records when successful/unsuccessful logon attempts occur.
- V-234654 Medium description The UEM server must generate audit records for privileged activities or other system-level access.
- V-234655 Medium description The UEM server must generate audit records showing starting and ending time for user access to the system.
- V-234656 Medium description The UEM server must generate audit records when concurrent logons from different workstations occur.
- V-234657 Medium description The UEM server must generate audit records when successful/unsuccessful accesses to objects occur.
- V-234658 Medium description The UEM server must generate audit records for all direct access to the information system.
- V-234659 Medium descriptioncheck The UEM server must generate audit records for all account creations, modifications, disabling, and termination events.
- V-234664 High description The UEM server must use a FIPS-validated cryptographic module to generate cryptographic hashes.
- V-234665 Medium description The UEM server must, at a minimum, off-load audit logs of interconnected systems in real time and off-load standalone systems weekly.
- V-234666 Medium descriptioncheckfix The UEM server must be configured in accordance with the security configuration settings based on DoW security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
- V-234667 Medium description The UEM server must be configured to allow authorized administrators to read all audit data from audit records on the server.
- V-234668 High descriptioncheckfix The UEM server must be configured to implement FIPS 140-3 mode for all server and agent encryption.
- V-234669 Medium descriptioncheckfix The UEM server must be configured to prohibit client negotiation to TLS 1.2, SSL 2.0, or SSL 3.0.
- V-234673 Medium description The UEM server must authenticate endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
- V-234674 Medium description If cipher suites using pre-shared keys are used for device authentication, the UEM server must have a minimum security strength of 112 bits or higher.
- V-234676 Medium description The UEM server must validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation.
- V-234677 High description The application must use FIPS-validated SHA-256 or higher hash function for digital signature generation and verification.
- V-264368 High descriptioncheck The UEM server must sign policies and policy updates using a private key associated with [selection: an X509 certificate, a public key provisioned to the agent trusted by the agent] for policy verification.
- V-264369 High description The UEM server, for each unique policy managed, must validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent] associated with a policy signing key uniquely associated with the policy.
- V-279012 High description The UEM server must be a version supported by the vendor.
- RMF Control
- AC-10
- Severity
- M
- CCI
- CCI-000054
- Version
- SRG-APP-000001-UEM-000001
- Vuln IDs
-
- V-234275
- Rule IDs
-
- SV-234275r1212890_rule
Checks: C-37460r1207977_chk
Verify the UEM server limits the number of concurrent sessions per privileged user account to three or less concurrent sessions. If the UEM server does not limit the number of concurrent sessions per privileged user account to three or less concurrent sessions, this is a finding.
Fix: F-37425r617395_fix
Configure the UEM server to limit the number of concurrent sessions per privileged user account to three or less concurrent sessions.
- RMF Control
- AC-11
- Severity
- M
- CCI
- CCI-000060
- Version
- SRG-APP-000002-UEM-000002
- Vuln IDs
-
- V-234276
- Rule IDs
-
- SV-234276r1212891_rule
Checks: C-37461r613838_chk
Verify the UEM server conceals, via the session lock, information previously visible on the display with a publicly viewable image. If the UEM server does not conceal via the session lock information previously visible on the display with a publicly viewable image, this is a finding.
Fix: F-37426r613839_fix
Configure the UEM server to conceal via the session lock information previously visible on the display with a publicly viewable image.
- RMF Control
- AC-11
- Severity
- M
- CCI
- CCI-000057
- Version
- SRG-APP-000003-UEM-000003
- Vuln IDs
-
- V-234277
- Rule IDs
-
- SV-234277r1212892_rule
Checks: C-37462r613841_chk
Verify the UEM server initiates a session lock after a 15-minute period of inactivity. If the UEM server does not initiate a session lock after a 15-minute period of inactivity, this is a finding.
Fix: F-37427r613842_fix
Configure the UEM server to initiate a session lock after a 15-minute period of inactivity.
- RMF Control
- AC-11
- Severity
- M
- CCI
- CCI-000057
- Version
- SRG-APP-000004-UEM-000004
- Vuln IDs
-
- V-234278
- Rule IDs
-
- SV-234278r1212893_rule
Checks: C-37463r613844_chk
Verify the UEM server provides the capability for users to directly initiate a session lock. If the UEM server does not provide the capability for users to directly initiate a session lock, this is a finding.
Fix: F-37428r613845_fix
Configure the UEM server to provide the capability for users to directly initiate a session lock.
- RMF Control
- AC-11
- Severity
- M
- CCI
- CCI-000056
- Version
- SRG-APP-000005-UEM-000005
- Vuln IDs
-
- V-234279
- Rule IDs
-
- SV-234279r1212894_rule
Checks: C-37464r613847_chk
Verify the UEM server retains the session lock until the user reestablishes access using established identification and authentication procedures. If the UEM server does not retain the session lock until the user reestablishes access using established identification and authentication procedures, this is a finding.
Fix: F-37429r613848_fix
Configure the MDM server to retain the session lock until the user reestablishes access using established identification and authentication procedures.
- RMF Control
- AC-17
- Severity
- M
- CCI
- CCI-000068
- Version
- SRG-APP-000014-UEM-000009
- Vuln IDs
-
- V-234283
- Rule IDs
-
- SV-234283r1212898_rule
Checks: C-37468r613859_chk
Verify the UEM server uses TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access. If the UEM server does not use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access, this is a finding.
Fix: F-37433r613860_fix
Configure the UEM server to use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000015
- Version
- SRG-APP-000023-UEM-000012
- Vuln IDs
-
- V-234286
- Rule IDs
-
- SV-234286r1212902_rule
Checks: C-37471r1212901_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server provides automated mechanisms for supporting account management functions. If the UEM server does not provide automated mechanisms for supporting account management functions, this is a finding.
Fix: F-37436r613869_fix
Configure the UEM server to provide automated mechanisms for supporting account management functions.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000016
- Version
- SRG-APP-000024-UEM-000013
- Vuln IDs
-
- V-234287
- Rule IDs
-
- SV-234287r1212904_rule
Checks: C-37472r1212903_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically removes or disables temporary user accounts after 72 hours, if supported by the UEM server. If the UEM server does not automatically remove or disable temporary user accounts after 72 hours, if supported by the UEM server, this is a finding.
Fix: F-37437r613872_fix
Configure the UEM server to automatically remove or disable temporary user accounts after 72 hours, if supported by the UEM server.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000017
- Version
- SRG-APP-000025-UEM-000014
- Vuln IDs
-
- V-234288
- Rule IDs
-
- SV-234288r1212906_rule
Checks: C-37473r1212905_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically disables accounts after a 35-day period of account inactivity. If the UEM server does not automatically disable accounts after a 35-day period of account inactivity, this is a finding.
Fix: F-37438r613875_fix
Configure the UEM server to automatically disable accounts after a 35-day period of account inactivity.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000018
- Version
- SRG-APP-000026-UEM-000015
- Vuln IDs
-
- V-234289
- Rule IDs
-
- SV-234289r1212908_rule
Checks: C-37474r1212907_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically audits account creation. If the UEM server does not automatically audit account creation, this is a finding.
Fix: F-37439r613878_fix
Configure the UEM server to automatically audit account creation.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-001403
- Version
- SRG-APP-000027-UEM-000016
- Vuln IDs
-
- V-234290
- Rule IDs
-
- SV-234290r1212910_rule
Checks: C-37475r1212909_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically audits account modification. If the UEM server does not automatically audit account modification, this is a finding.
Fix: F-37440r613881_fix
Configure the UEM server to automatically audit account modification.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-001404
- Version
- SRG-APP-000028-UEM-000017
- Vuln IDs
-
- V-234291
- Rule IDs
-
- SV-234291r1212912_rule
Checks: C-37476r1212911_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically audits account disabling actions. If the UEM server does not automatically audit account disabling actions, this is a finding.
Fix: F-37441r613884_fix
Configure the UEM server to automatically audit account disabling actions.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-001405
- Version
- SRG-APP-000029-UEM-000018
- Vuln IDs
-
- V-234292
- Rule IDs
-
- SV-234292r1212914_rule
Checks: C-37477r1212913_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically audits account removal actions. If the UEM server does not automatically audit account removal actions, this is a finding.
Fix: F-37442r613887_fix
Configure the UEM server to automatically audit account removal actions.
- RMF Control
- AC-7
- Severity
- M
- CCI
- CCI-000044
- Version
- SRG-APP-000065-UEM-000036
- Vuln IDs
-
- V-234310
- Rule IDs
-
- SV-234310r1212933_rule
Checks: C-37495r1212932_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server enforces the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. If the UEM server does not enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period, this is a finding.
Fix: F-37460r613941_fix
Configure the UEM server to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
- RMF Control
- AC-8
- Severity
- M
- CCI
- CCI-000048
- Version
- SRG-APP-000068-UEM-000037
- Vuln IDs
-
- V-234311
- Rule IDs
-
- SV-234311r1212936_rule
Checks: C-37496r1212934_chk
Verify the UEM server displays the Standard Mandatory DoW Notice and Consent Banner before granting access to the application. If the UEM server does not display the Standard Mandatory DoW Notice and Consent Banner before granting access to the application, this is a finding.
Fix: F-37461r1212935_fix
Configure the UEM server to display the Standard Mandatory DoW Notice and Consent Banner before granting access to the application.
- RMF Control
- AC-8
- Severity
- L
- CCI
- CCI-000050
- Version
- SRG-APP-000069-UEM-000038
- Vuln IDs
-
- V-234312
- Rule IDs
-
- SV-234312r1212937_rule
Checks: C-37497r613946_chk
Verify the UEM server retains the access banner until the user acknowledges acceptance of the access conditions. If the UEM server does not retain the access banner until the user acknowledges acceptance of the access conditions, this is a finding.
Fix: F-37462r613947_fix
Configure the UEM server to retain the access banner until the user acknowledges acceptance of the access conditions.
- RMF Control
- AU-10
- Severity
- M
- CCI
- CCI-000166
- Version
- SRG-APP-000080-UEM-000044
- Vuln IDs
-
- V-234318
- Rule IDs
-
- SV-234318r1212943_rule
Checks: C-37503r1208000_chk
Verify the UEM server protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation. If the UEM server does not protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation this is a finding.
Fix: F-37468r1208001_fix
Configure the UEM server to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000169
- Version
- SRG-APP-000089-UEM-000049
- Vuln IDs
-
- V-234323
- Rule IDs
-
- SV-234323r1212950_rule
Checks: C-37508r1212948_chk
Verify the UEM server provides audit record generation capability for DoW-defined auditable events within all application components. If the UEM server does not provide audit record generation capability for DoW-defined auditable events within all application components, this is a finding.
Fix: F-37473r1212949_fix
Configure the UEM server to provide audit record generation capability for DoW-defined auditable events within all application components.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000169
- Version
- SRG-APP-000089-UEM-000050
- Vuln IDs
-
- V-234324
- Rule IDs
-
- SV-234324r1212951_rule
Checks: C-37509r1208006_chk
Verify the UEM server provides audit records in a manner suitable for the authorized administrators to interpret the information. If the UEM server does not provide audit records in a manner suitable for the authorized administrators to interpret the information, this is a finding.
Fix: F-37474r1208007_fix
Configure the UEM server to be configured to provide audit records in a manner suitable for the authorized administrators to interpret the information.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000171
- Version
- SRG-APP-000090-UEM-000051
- Vuln IDs
-
- V-234325
- Rule IDs
-
- SV-234325r1212952_rule
Checks: C-37510r613985_chk
Verify the UEM server allows only specific administrator roles to select which auditable events are to be audited. If the UEM server does not allow only specific administrator roles to select which auditable events are to be audited, this is a finding.
Fix: F-37475r613986_fix
Configure the UEM server to be configured to allow only specific administrator roles to select which auditable events are to be audited.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000091-UEM-000052
- Vuln IDs
-
- V-234326
- Rule IDs
-
- SV-234326r1212953_rule
Checks: C-37511r613988_chk
Verify the UEM server generates audit records when successful/unsuccessful attempts to access privileges occur. If the UEM server does not generate audit records when successful/unsuccessful attempts to access privileges occur, this is a finding.
Fix: F-37476r613989_fix
Configure the UEM server to generate audit records when successful/unsuccessful attempts to access privileges occur.
- RMF Control
- AU-14
- Severity
- M
- CCI
- CCI-001464
- Version
- SRG-APP-000092-UEM-000053
- Vuln IDs
-
- V-234327
- Rule IDs
-
- SV-234327r1212954_rule
Checks: C-37512r613991_chk
Verify the UEM server initiate session auditing upon startup. If the UEM server does not initiate session auditing upon startup, this is a finding.
Fix: F-37477r613992_fix
Configure the UEM server to initiate session auditing upon startup.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SRG-APP-000095-UEM-000055
- Vuln IDs
-
- V-234328
- Rule IDs
-
- SV-234328r1212955_rule
Checks: C-37513r613994_chk
Verify the UEM server produces audit records containing information to establish what type of events occurred. If the UEM server does not produce audit records containing information to establish what type of events occurred, this is a finding.
Fix: F-37478r613995_fix
Configure the UEM server to be configured to produce audit records containing information to establish what type of events occurred.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000131
- Version
- SRG-APP-000096-UEM-000056
- Vuln IDs
-
- V-234329
- Rule IDs
-
- SV-234329r1212956_rule
Checks: C-37514r613997_chk
Verify the UEM server produces audit records containing information to establish when (date and time) the events occurred. If the UEM server does not produce audit records containing information to establish when (date and time) the events occurred, this is a finding.
Fix: F-37479r613998_fix
Configure the UEM server to be configured to produce audit records containing information to establish when (date and time) the events occurred.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000132
- Version
- SRG-APP-000097-UEM-000057
- Vuln IDs
-
- V-234330
- Rule IDs
-
- SV-234330r1212957_rule
Checks: C-37515r614000_chk
Verify the UEM server produces audit records containing information to establish where the events occurred. If the UEM server does not produce audit records containing information to establish where the events occurred, this is a finding.
Fix: F-37480r614001_fix
Configure the UEM server to be configured to produce audit records containing information to establish where the events occurred.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000133
- Version
- SRG-APP-000098-UEM-000058
- Vuln IDs
-
- V-234331
- Rule IDs
-
- SV-234331r1212958_rule
Checks: C-37516r614003_chk
Verify the UEM server produces audit records containing information to establish the source of the events. If the UEM server does not produce audit records containing information to establish the source of the events, this is a finding.
Fix: F-37481r614004_fix
Configure the UEM server to be configured to produce audit records containing information to establish the source of the events.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000134
- Version
- SRG-APP-000099-UEM-000059
- Vuln IDs
-
- V-234332
- Rule IDs
-
- SV-234332r1212959_rule
Checks: C-37517r614006_chk
Verify the UEM server produces audit records that contain information to establish the outcome of the events. If the UEM server does not produce audit records that contain information to establish the outcome of the events, this is a finding.
Fix: F-37482r614007_fix
Configure the UEM server to be configured to produce audit records that contain information to establish the outcome of the events.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-001487
- Version
- SRG-APP-000100-UEM-000060
- Vuln IDs
-
- V-234333
- Rule IDs
-
- SV-234333r1212960_rule
Checks: C-37518r614009_chk
Verify the UEM server generates audit records containing information that establishes the identity of any individual or process associated with the event. If the UEM server does not generate audit records containing information that establishes the identity of any individual or process associated with the event, this is a finding.
Fix: F-37483r614010_fix
Configure the UEM server to be configured to generate audit records containing information that establishes the identity of any individual or process associated with the event.
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000135
- Version
- SRG-APP-000101-UEM-000061
- Vuln IDs
-
- V-234334
- Rule IDs
-
- SV-234334r1212961_rule
Checks: C-37519r614012_chk
Verify the UEM server generates audit records containing the full-text recording of privileged commands or the individual identities of group account users. If the UEM server does not generate audit records containing the full-text recording of privileged commands or the individual identities of group account users, this is a finding.
Fix: F-37484r614013_fix
Configure the UEM server to be configured to generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
- RMF Control
- AU-5
- Severity
- M
- CCI
- CCI-000139
- Version
- SRG-APP-000108-UEM-000062
- Vuln IDs
-
- V-234335
- Rule IDs
-
- SV-234335r1212962_rule
Checks: C-37520r614015_chk
Verify the UEM server alerts the ISSO and SA (at a minimum) in the event of an audit processing failure. If the UEM server does not alert the ISSO and SA (at a minimum) in the event of an audit processing failure, this is a finding.
Fix: F-37485r614016_fix
Configure the UEM server to alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
- RMF Control
- AU-8
- Severity
- M
- CCI
- CCI-000159
- Version
- SRG-APP-000116-UEM-000067
- Vuln IDs
-
- V-234340
- Rule IDs
-
- SV-234340r1212967_rule
Checks: C-37525r614030_chk
Verify the UEM server uses host operating system clocks to generate time stamps for audit records. If the UEM server does not use host operating system clocks to generate time stamps for audit records, this is a finding
Fix: F-37490r614031_fix
Configure the UEM server to use host operating system clocks to generate time stamps for audit records.
- RMF Control
- AU-9
- Severity
- M
- CCI
- CCI-000162
- Version
- SRG-APP-000118-UEM-000068
- Vuln IDs
-
- V-234341
- Rule IDs
-
- SV-234341r1212968_rule
Checks: C-37526r614033_chk
Verify the UEM server protects audit information from any type of unauthorized read access. If the UEM server does not protect audit information from any type of unauthorized read access, this is a finding
Fix: F-37491r614034_fix
Configure the UEM server to protect audit information from any type of unauthorized read access.
- RMF Control
- AU-9
- Severity
- M
- CCI
- CCI-000163
- Version
- SRG-APP-000119-UEM-000069
- Vuln IDs
-
- V-234342
- Rule IDs
-
- SV-234342r1212969_rule
Checks: C-37527r614036_chk
Verify the UEM server protects audit information from unauthorized modification. If the UEM server does not protect audit information from unauthorized modification, this is a finding.
Fix: F-37492r614037_fix
Configure the UEM server to protect audit information from unauthorized modification.
- RMF Control
- AU-9
- Severity
- M
- CCI
- CCI-000164
- Version
- SRG-APP-000120-UEM-000070
- Vuln IDs
-
- V-234343
- Rule IDs
-
- SV-234343r1212970_rule
Checks: C-37528r614039_chk
Verify the UEM server protects audit information from unauthorized deletion. If the UEM server does not protect audit information from unauthorized deletion, this is a finding
Fix: F-37493r614040_fix
Configure the UEM server to protect audit information from unauthorized deletion.
- RMF Control
- AU-9
- Severity
- M
- CCI
- CCI-001348
- Version
- SRG-APP-000125-UEM-000074
- Vuln IDs
-
- V-234347
- Rule IDs
-
- SV-234347r1212974_rule
Checks: C-37532r614051_chk
Verify the UEM server backs up audit records at least every seven days onto a log management server. If the UEM server does not back up audit records at least every seven days onto a log management server, this is a finding.
Fix: F-37497r614052_fix
Configure the UEM server to back up audit records at least every seven days onto a log management server.
- RMF Control
- Severity
- M
- CCI
- CCI-003992
- Version
- SRG-APP-000131-UEM-000076
- Vuln IDs
-
- V-234349
- Rule IDs
-
- SV-234349r1212976_rule
Checks: C-37534r614057_chk
Verify the UEM server prevents the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. If the UEM server does not prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization, this is a finding.
Fix: F-37499r614058_fix
Configure the UEM server to prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SRG-APP-000133-UEM-000078
- Vuln IDs
-
- V-234351
- Rule IDs
-
- SV-234351r1212978_rule
Checks: C-37536r614063_chk
Verify the UEM server limits privileges to change the software resident within software libraries. If the UEM server does not limit privileges to change the software resident within software libraries, this is a finding.
Fix: F-37501r614064_fix
Configure the UEM server to limit privileges to change the software resident within software libraries.
- RMF Control
- CM-7
- Severity
- M
- CCI
- CCI-000381
- Version
- SRG-APP-000141-UEM-000079
- Vuln IDs
-
- V-234352
- Rule IDs
-
- SV-234352r1212979_rule
Checks: C-37537r1208027_chk
Verify the UEM server has disabled nonessential capabilities. If the UEM server has not disabled nonessential capabilities, this is a finding.
Fix: F-37502r1208028_fix
Configure the UEM server to be configured to disable nonessential capabilities.
- RMF Control
- CM-7
- Severity
- M
- CCI
- CCI-000382
- Version
- SRG-APP-000142-UEM-000080
- Vuln IDs
-
- V-234353
- Rule IDs
-
- SV-234353r1212982_rule
Checks: C-37538r1212980_chk
Verify the firewall protecting the UEM server platform is configured so that only DoW-approved ports, protocols, and services are enabled. (Refer to the DoW PPSM CAL list for DoW-approved ports, protocols, and services). If the firewall protecting the UEM server platform is not configured so that only DoW-approved ports, protocols, and services are enabled, this is a finding.
Fix: F-37503r1212981_fix
Configure the firewall protecting the UEM server platform so that only DoW-approved ports, protocols, and services are enabled. (Refer to the DoW PPSM CAL list for DoW-approved ports, protocols, and services).
- RMF Control
- IA-2
- Severity
- M
- CCI
- CCI-000764
- Version
- SRG-APP-000148-UEM-000082
- Vuln IDs
-
- V-234355
- Rule IDs
-
- SV-234355r1212985_rule
Checks: C-37540r1212984_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). If the UEM server does not uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users), this is a finding.
Fix: F-37505r614076_fix
Configure the UEM server to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
- RMF Control
- IA-2
- Severity
- M
- CCI
- CCI-000765
- Version
- SRG-APP-000149-UEM-000083
- Vuln IDs
-
- V-234356
- Rule IDs
-
- SV-234356r1212988_rule
Checks: C-37541r1212986_chk
Verify the UEM server uses a DoW Central Directory Service to provide multifactor authentication for network access to privileged and nonprivileged accounts. If the UEM server does not use a DoW Central Directory Service to provide multifactor authentication for network access to privileged and nonprivileged accounts, this is a finding.
Fix: F-37506r1212987_fix
Configure the UEM server to use a DoW Central Directory Service to provide multifactor authentication for network access to privileged and nonprivileged accounts.
- RMF Control
- IA-2
- Severity
- M
- CCI
- CCI-000765
- Version
- SRG-APP-000151-UEM-000085
- Vuln IDs
-
- V-234358
- Rule IDs
-
- SV-234358r1212990_rule
Checks: C-37543r985679_chk
Verify all UEM server local accounts created during application installation and configuration have been removed. Note: In this context, "local" accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication. If all UEM server local accounts created during application installation and configuration have not been removed, this is a finding.
Fix: F-37508r985680_fix
Remove all UEM server local accounts created during application installation. Note: In this context, "local" accounts refers to user and or administrator accounts on the server that use user name and password for user access and authentication.
- RMF Control
- Severity
- M
- CCI
- CCI-004045
- Version
- SRG-APP-000153-UEM-000087
- Vuln IDs
-
- V-234360
- Rule IDs
-
- SV-234360r1212993_rule
Checks: C-37545r1212992_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server ensures users are authenticated with an individual authenticator prior to using a group authenticator. If the UEM server does not ensure users are authenticated with an individual authenticator prior to using a group authenticator, this is a finding.
Fix: F-37510r614091_fix
Configure the UEM server to ensure users are authenticated with an individual authenticator prior to using a group authenticator.
- RMF Control
- Severity
- M
- CCI
- CCI-004046
- Version
- SRG-APP-000154-UEM-000088
- Vuln IDs
-
- V-234361
- Rule IDs
-
- SV-234361r1212996_rule
Checks: C-37546r1212994_chk
Verify the UEM server uses DoW PKI for multifactor authentication. If the UEM server does not use DoW PKI for multifactor authentication, this is a finding.
Fix: F-37511r1212995_fix
Configure the UEM server to use DoW PKI for multifactor authentication.
- RMF Control
- IA-2
- Severity
- H
- CCI
- CCI-001941
- Version
- SRG-APP-000156-UEM-000090
- Vuln IDs
-
- V-234363
- Rule IDs
-
- SV-234363r1212999_rule
Checks: C-37548r1212998_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server uses FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts. If the UEM server does not use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts, this is a finding.
Fix: F-37513r614100_fix
Configure the UEM server to use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts.
- RMF Control
- IA-2
- Severity
- M
- CCI
- CCI-001941
- Version
- SRG-APP-000157-UEM-000091
- Vuln IDs
-
- V-234364
- Rule IDs
-
- SV-234364r1213001_rule
Checks: C-37549r1213000_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server implements replay-resistant authentication mechanisms for network access to nonprivileged accounts. If the UEM server does not implement replay-resistant authentication mechanisms for network access to nonprivileged accounts, this is a finding.
Fix: F-37514r985690_fix
Configure the UEM server to implement replay-resistant authentication mechanisms for network access to nonprivileged accounts.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000164-UEM-000094
- Vuln IDs
-
- V-234367
- Rule IDs
-
- SV-234367r1213003_rule
Checks: C-37552r614111_chk
Verify the UEM server enforces a minimum 15-character password length. If the UEM server does not enforce a minimum 15-character password length, this is a finding.
Fix: F-37517r614112_fix
Configure the UEM server to enforce a minimum 15-character password length.
- RMF Control
- Severity
- M
- CCI
- CCI-004061
- Version
- SRG-APP-000165-UEM-000095
- Vuln IDs
-
- V-234368
- Rule IDs
-
- SV-234368r1213004_rule
Checks: C-37553r614114_chk
Verify the UEM server prohibits password reuse for a minimum of five generations. If the UEM server does not prohibit password reuse for a minimum of five generations, this is a finding.
Fix: F-37518r614115_fix
Configure the UEM server to prohibit password reuse for a minimum of five generations.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000166-UEM-000096
- Vuln IDs
-
- V-234369
- Rule IDs
-
- SV-234369r1213005_rule
Checks: C-37554r614117_chk
Verify the UEM server enforces password complexity by requiring that at least one uppercase character be used. If the UEM server does not enforce password complexity by requiring that at least one uppercase character be used, this is a finding.
Fix: F-37519r614118_fix
Configure the UEM server to enforce password complexity by requiring that at least one uppercase character be used.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000167-UEM-000097
- Vuln IDs
-
- V-234370
- Rule IDs
-
- SV-234370r1213006_rule
Checks: C-37555r614120_chk
Verify the UEM server enforces password complexity by requiring that at least one lowercase character be used. If the UEM server does not enforce password complexity by requiring that at least one lowercase character be used, this is a finding.
Fix: F-37520r614121_fix
Configure the UEM server to enforce password complexity by requiring that at least one lowercase character be used.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000168-UEM-000098
- Vuln IDs
-
- V-234371
- Rule IDs
-
- SV-234371r1213007_rule
Checks: C-37556r614123_chk
Verify the UEM server enforces password complexity by requiring that at least one numeric character be used. If the UEM server does not enforce password complexity by requiring that at least one numeric character be used, this is a finding.
Fix: F-37521r614124_fix
Configure the UEM server to enforce password complexity by requiring that at least one numeric character be used.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000169-UEM-000099
- Vuln IDs
-
- V-234372
- Rule IDs
-
- SV-234372r1213008_rule
Checks: C-37557r614126_chk
Verify the UEM server enforces password complexity by requiring that at least one special character be used. If the UEM server does not enforce password complexity by requiring that at least one special character be used, this is a finding.
Fix: F-37522r614127_fix
Configure the UEM server to enforce password complexity by requiring that at least one special character be used.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000170-UEM-000100
- Vuln IDs
-
- V-234373
- Rule IDs
-
- SV-234373r1213009_rule
Checks: C-37558r1042487_chk
Verify the UEM server requires the change of at least 50 percent of the previous password's characters. If the UEM server does not require the change of at least 50 percent of the previous password's characters when passwords are changed, this is a finding.
Fix: F-37523r1042488_fix
Configure the UEM server to require the change of at least 50 percent of the previous password's characters.
- RMF Control
- Severity
- M
- CCI
- CCI-004062
- Version
- SRG-APP-000171-UEM-000101
- Vuln IDs
-
- V-234374
- Rule IDs
-
- SV-234374r1213010_rule
Checks: C-37559r614132_chk
If the UEM server is using password authentication, verify the server stores only cryptographic representations of passwords. If the UEM server is using password authentication but does not store only cryptographic representations of passwords, this is a finding.
Fix: F-37524r614133_fix
For a UEM server using password authentication, configure the server to store only cryptographic representations of passwords.
- RMF Control
- IA-5
- Severity
- H
- CCI
- CCI-000197
- Version
- SRG-APP-000172-UEM-000102
- Vuln IDs
-
- V-234375
- Rule IDs
-
- SV-234375r1213011_rule
Checks: C-37560r614135_chk
For UEM server using password authentication, verify the network element uses FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. If UEM server using password authentication but the network element does not use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process, this is a finding.
Fix: F-37525r614136_fix
For a UEM server using password authentication, configure the network element to use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
- RMF Control
- Severity
- M
- CCI
- CCI-004066
- Version
- SRG-APP-000174-UEM-000104
- Vuln IDs
-
- V-234377
- Rule IDs
-
- SV-234377r1213012_rule
Checks: C-37562r614141_chk
Verify the UEM server enforces a 60-day maximum password lifetime restriction. If the UEM server does not enforce a 60-day maximum password lifetime restriction, this is a finding.
Fix: F-37527r614142_fix
Configure the UEM server to enforce a 60-day maximum password lifetime restriction.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000185
- Version
- SRG-APP-000175-UEM-000105
- Vuln IDs
-
- V-234378
- Rule IDs
-
- SV-234378r1213014_rule
Checks: C-37563r1213013_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. When using PKI-based authentication for user access, verify the UEM server validates certificates by constructing a certification path (which includes status information) to an accepted trust anchor. If the UEM server uses PKI-based authentication for user access but does not validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor, this is a finding.
Fix: F-37528r614145_fix
When using PKI-based authentication for user access, configure the UEM server to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000185
- Version
- SRG-APP-000175-UEM-000106
- Vuln IDs
-
- V-234379
- Rule IDs
-
- SV-234379r1213015_rule
Checks: C-37564r614147_chk
Verify the UEM server does not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate. If the UEM server automatically accepts a certificate when it cannot establish a connection to determine the validity of a certificate, this is a finding.
Fix: F-37529r614148_fix
Configure the UEM server to not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000186
- Version
- SRG-APP-000176-UEM-000107
- Vuln IDs
-
- V-234380
- Rule IDs
-
- SV-234380r1213017_rule
Checks: C-37565r1213016_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the he UEM server, when using PKI-based authentication, enforces authorized access to the corresponding private key. If the UEM server, when using PKI-based authentication, does not enforce authorized access to the corresponding private key, this is a finding
Fix: F-37530r614151_fix
Configure the UEM server, when using PKI-based authentication, to enforce authorized access to the corresponding private key.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000187
- Version
- SRG-APP-000177-UEM-000108
- Vuln IDs
-
- V-234381
- Rule IDs
-
- SV-234381r1213019_rule
Checks: C-37566r1213018_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server maps the authenticated identity to the individual user or group account for PKI-based authentication. If the UEM server does not map the authenticated identity to the individual user or group account for PKI-based authentication, this is a finding.
Fix: F-37531r614154_fix
Configure the UEM server to map the authenticated identity to the individual user or group account for PKI-based authentication.
- RMF Control
- IA-6
- Severity
- M
- CCI
- CCI-000206
- Version
- SRG-APP-000178-UEM-000109
- Vuln IDs
-
- V-234382
- Rule IDs
-
- SV-234382r1213020_rule
Checks: C-37567r614156_chk
Verify the UEM server obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. If the UEM server does not obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals, this is a finding.
Fix: F-37532r614157_fix
Configure the UEM server to obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
- RMF Control
- IA-7
- Severity
- H
- CCI
- CCI-000803
- Version
- SRG-APP-000179-UEM-000110
- Vuln IDs
-
- V-234383
- Rule IDs
-
- SV-234383r1213021_rule
Checks: C-37568r1208062_chk
Verify the UEM server uses FIPS-validated SHA-2 or higher hash function to protect the integrity of keyed-HMAC, KDFs, Random Bit Generation, and hash-only applications. If the UEM server does not use FIPS-validated SHA-2 or higher hash function to protect the integrity of keyed-HMAC, KDFs, Random Bit Generation, and hash-only applications, this is a finding.
Fix: F-37533r1208063_fix
Configure the UEM server to use FIPS-validated SHA-2 or higher hash function to protect the integrity of keyed-HMAC, KDFs, Random Bit Generation, and hash-only applications.
- RMF Control
- Severity
- M
- CCI
- CCI-004750
- Version
- SRG-APP-000191-UEM-000117
- Vuln IDs
-
- V-234390
- Rule IDs
-
- SV-234390r1213027_rule
Checks: C-37575r614180_chk
Verify the UEM server provides a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS]. If the UEM server does not provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS], this is a finding.
Fix: F-37540r614181_fix
Configure the UEM server to provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS].
- RMF Control
- Severity
- M
- CCI
- CCI-004750
- Version
- SRG-APP-000191-UEM-000118
- Vuln IDs
-
- V-234391
- Rule IDs
-
- SV-234391r1213028_rule
Checks: C-37576r614183_chk
Verify the UEM server invokes either host-OS functionality or server functionality to provide a trusted communication channel between itself and remote administrators that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -IPsec, -SSH, -TLS, -HTTPS]. If the UEM server does not invoke either host-OS functionality or server functionality to provide a trusted communication channel between itself and remote administrators that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -IPsec, -SSH, -TLS, -HTTPS], this is a finding.
Fix: F-37541r1208149_fix
Configure the UEM server to invoke either host-OS functionality or server functionality to provide a trusted communication channel between itself and remote administrators that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -IPsec, -SSH, -TLS, -HTTPS].
- RMF Control
- Severity
- M
- CCI
- CCI-004750
- Version
- SRG-APP-000191-UEM-000119
- Vuln IDs
-
- V-234392
- Rule IDs
-
- SV-234392r1213029_rule
Checks: C-37577r614186_chk
Verify the UEM server invokes either host-OS functionality or server functionality to provide a trusted communication channel between itself and managed devices that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -TLS, -HTTPS]. If the UEM server does not invoke either host-OS functionality or server functionality to provide a trusted communication channel between itself and managed devices that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -TLS, -HTTPS], this is a finding.
Fix: F-37542r1208151_fix
Configure the UEM server to invoke either host-OS functionality or server functionality to provide a trusted communication channel between itself and managed devices that provides assured identification of its endpoints and protection of the communicated data from modification and disclosure using [selection: -TLS, -HTTPS].
- RMF Control
- SC-23
- Severity
- M
- CCI
- CCI-001184
- Version
- SRG-APP-000219-UEM-000132
- Vuln IDs
-
- V-234405
- Rule IDs
-
- SV-234405r1213042_rule
Checks: C-37590r614225_chk
Verify the UEM server protects the authenticity of communications sessions. If the UEM server does not protect the authenticity of communications sessions, this is a finding.
Fix: F-37555r614226_fix
Configure the UEM server to protect the authenticity of communications sessions.
- RMF Control
- SC-23
- Severity
- M
- CCI
- CCI-001185
- Version
- SRG-APP-000220-UEM-000133
- Vuln IDs
-
- V-234406
- Rule IDs
-
- SV-234406r1213043_rule
Checks: C-37591r614228_chk
Verify the UEM server invalidates session identifiers upon user logout or other session termination. If the UEM server does not invalidate session identifiers upon user logout or other session termination, this is a finding.
Fix: F-37556r614229_fix
Configure the UEM server to invalidate session identifiers upon user logout or other session termination.
- RMF Control
- SC-23
- Severity
- M
- CCI
- CCI-001664
- Version
- SRG-APP-000223-UEM-000134
- Vuln IDs
-
- V-234407
- Rule IDs
-
- SV-234407r1213044_rule
Checks: C-37592r614231_chk
Verify the UEM server recognizes only system-generated session identifiers. If the UEM server does not recognize only system-generated session identifiers, this is a finding.
Fix: F-37557r614232_fix
Configure the UEM server to recognize only system-generated session identifiers.
- RMF Control
- SC-23
- Severity
- H
- CCI
- CCI-001188
- Version
- SRG-APP-000224-UEM-000135
- Vuln IDs
-
- V-234408
- Rule IDs
-
- SV-234408r1213045_rule
Checks: C-37593r614234_chk
Verify the UEM server generates unique session identifiers using a FIPS-validated RNG based on the DRBG algorithm. If the UEM server does not generate unique session identifiers using a FIPS-validated RNG based on the DRBG algorithm, this is a finding.
Fix: F-37558r614235_fix
Configure the UEM server to generate unique session identifiers using a FIPS-validated RNG based on the DRBG algorithm.
- RMF Control
- SC-24
- Severity
- M
- CCI
- CCI-001190
- Version
- SRG-APP-000225-UEM-000136
- Vuln IDs
-
- V-234409
- Rule IDs
-
- SV-234409r1213046_rule
Checks: C-37594r614237_chk
Verify the UEM server fails to a secure state if system initialization fails, shutdown fails, or aborts fail. If the UEM server does not fail to a secure state if system initialization fails, shutdown fails, or aborts fail, this is a finding.
Fix: F-37559r614238_fix
Configure the UEM server to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
- RMF Control
- SC-24
- Severity
- M
- CCI
- CCI-001665
- Version
- SRG-APP-000226-UEM-000137
- Vuln IDs
-
- V-234410
- Rule IDs
-
- SV-234410r1213047_rule
Checks: C-37595r614240_chk
Verify the UEM server preserves any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes, in the event of a system failure. If the UEM server does not preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes, in the event of a system failure, this is a finding.
Fix: F-37560r617413_fix
Configure the UEM server to preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes, in the event of a system failure.
- RMF Control
- SI-10
- Severity
- M
- CCI
- CCI-001310
- Version
- SRG-APP-000251-UEM-000148
- Vuln IDs
-
- V-234421
- Rule IDs
-
- SV-234421r1213059_rule
Checks: C-37606r1213058_chk
Verify the UEM server checks the validity of all data inputs. If the UEM server does not check the validity of all data inputs, this is a finding.
Fix: F-37571r614274_fix
Configure the UEM server to check the validity of all data inputs.
- RMF Control
- SI-11
- Severity
- M
- CCI
- CCI-001312
- Version
- SRG-APP-000266-UEM-000151
- Vuln IDs
-
- V-234424
- Rule IDs
-
- SV-234424r1213062_rule
Checks: C-37609r614282_chk
Verify the UEM server generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. If the UEM server does not generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries, this is a finding.
Fix: F-37574r614283_fix
Configure the UEM server to generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
- RMF Control
- SI-11
- Severity
- M
- CCI
- CCI-001314
- Version
- SRG-APP-000267-UEM-000152
- Vuln IDs
-
- V-234425
- Rule IDs
-
- SV-234425r1213063_rule
Checks: C-37610r614285_chk
Verify the UEM server reveals error messages only to the ISSM and ISSO. If the UEM server does not reveal error messages only to the ISSM and ISSO, this is a finding.
Fix: F-37575r614286_fix
Configure the UEM server to reveal error messages only to the ISSM and ISSO.
- RMF Control
- SI-6
- Severity
- M
- CCI
- CCI-001294
- Version
- SRG-APP-000275-UEM-000157
- Vuln IDs
-
- V-234430
- Rule IDs
-
- SV-234430r1213067_rule
Checks: C-37615r614300_chk
Verify the UEM server notifies the ISSO and ISSM of failed security verification tests. If the UEM server does not notify the ISSO and ISSM of failed security verification tests, this is a finding.
Fix: F-37580r614301_fix
Configure the UEM server to notify the ISSO and ISSM of failed security verification tests.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000015
- Version
- SRG-APP-000291-UEM-000165
- Vuln IDs
-
- V-234438
- Rule IDs
-
- SV-234438r1213075_rule
Checks: C-37623r1213074_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server notify SAs and ISSO when accounts are created. If the UEM server does not notify SAs and the ISSO when accounts are created, this is a finding.
Fix: F-37588r985704_fix
Configure the UEM server to notify SA and the ISSO when accounts are created.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000015
- Version
- SRG-APP-000292-UEM-000166
- Vuln IDs
-
- V-234439
- Rule IDs
-
- SV-234439r1213077_rule
Checks: C-37624r1213076_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server notifies SAs and the ISSO when accounts are modified. If the UEM server does not notify SAs and the ISSO when accounts are modified, this is a finding.
Fix: F-37589r985707_fix
Configure the UEM server to notify SAs and the ISSO when accounts are modified.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000015
- Version
- SRG-APP-000293-UEM-000167
- Vuln IDs
-
- V-234440
- Rule IDs
-
- SV-234440r1213079_rule
Checks: C-37625r1213078_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server notifies SAs and the ISSO for account disabling actions. If the UEM server does not notify SAs and the ISSO for account disabling actions, this is a finding.
Fix: F-37590r985710_fix
Configure the UEM server to notify SAs and the ISSO for account disabling actions.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000015
- Version
- SRG-APP-000294-UEM-000168
- Vuln IDs
-
- V-234441
- Rule IDs
-
- SV-234441r1213081_rule
Checks: C-37626r1213080_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server notifies SAs and the ISSO for account removal actions. If the UEM server does not notify SAs and the ISSO for account removal actions, this is a finding.
Fix: F-37591r985713_fix
Configure the UEM server to notify SAs and the ISSO for account removal actions.
- RMF Control
- AC-12
- Severity
- M
- CCI
- CCI-002361
- Version
- SRG-APP-000295-UEM-000169
- Vuln IDs
-
- V-234442
- Rule IDs
-
- SV-234442r1213082_rule
Checks: C-37627r614336_chk
Verify the UEM server automatically terminates a user session after an organization-defined period of user inactivity. If the UEM server does not automatically terminate a user session after an organization-defined period of user inactivity, this is a finding.
Fix: F-37592r614337_fix
Configure the UEM server to automatically terminate a user session after an organization-defined period of user inactivity.
- RMF Control
- AC-12
- Severity
- M
- CCI
- CCI-002363
- Version
- SRG-APP-000296-UEM-000170
- Vuln IDs
-
- V-234443
- Rule IDs
-
- SV-234443r1213083_rule
Checks: C-37628r614339_chk
Verify the UEM server provides a logout capability for user-initiated communication sessions. If the UEM server does not provide a logout capability for user-initiated communication sessions, this is a finding.
Fix: F-37593r614340_fix
Configure the UEM server to provide a logout capability for user-initiated communication sessions.
- RMF Control
- AC-12
- Severity
- M
- CCI
- CCI-002364
- Version
- SRG-APP-000297-UEM-000171
- Vuln IDs
-
- V-234444
- Rule IDs
-
- SV-234444r1213084_rule
Checks: C-37629r614342_chk
Verify the UEM server displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions. If the UEM server does not display an explicit logout message to users indicating the reliable termination of authenticated communications sessions, this is a finding.
Fix: F-37594r614343_fix
Configure the UEM server to display an explicit logout message to users indicating the reliable termination of authenticated communications sessions.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-002130
- Version
- SRG-APP-000319-UEM-000192
- Vuln IDs
-
- V-234465
- Rule IDs
-
- SV-234465r1213106_rule
Checks: C-37650r1213105_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically audits account enabling actions. If the UEM server does not automatically audit account enabling actions, this is a finding.
Fix: F-37615r614406_fix
Configure the UEM server to automatically audit account enabling actions.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000015
- Version
- SRG-APP-000320-UEM-000193
- Vuln IDs
-
- V-234466
- Rule IDs
-
- SV-234466r1213108_rule
Checks: C-37651r1213107_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server notifies the SA and the ISSO of account enabling actions. If the UEM server does not notify the SA and the ISSO of account enabling actions, this is a finding.
Fix: F-37616r985717_fix
Configure the UEM server to notify SA and the ISSO of account enabling actions.
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SRG-APP-000329-UEM-000202
- Vuln IDs
-
- V-234475
- Rule IDs
-
- SV-234475r1213117_rule
Checks: C-37660r615068_chk
Verify the UEM server has at least one user in defined administrator roles. If the UEM server does not have at least one user in defined administrator roles, this is a finding.
Fix: F-37625r615069_fix
Configure the UEM server to have at least one user in defined administrator roles.
- RMF Control
- AC-6
- Severity
- M
- CCI
- CCI-002234
- Version
- SRG-APP-000343-UEM-000216
- Vuln IDs
-
- V-234489
- Rule IDs
-
- SV-234489r1213130_rule
Checks: C-37674r615110_chk
Verify the UEM server audits the execution of privileged functions. If the UEM server does not audit the execution of privileged functions, this is a finding.
Fix: F-37639r615111_fix
Configure the UEM server to audit the execution of privileged functions.
- RMF Control
- AC-7
- Severity
- M
- CCI
- CCI-002238
- Version
- SRG-APP-000345-UEM-000218
- Vuln IDs
-
- V-234491
- Rule IDs
-
- SV-234491r1213133_rule
Checks: C-37676r1213132_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server automatically locks the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded. If the UEM server does not automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded, this is a finding.
Fix: F-37641r615117_fix
Configure the UEM server to automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
- RMF Control
- AU-4
- Severity
- M
- CCI
- CCI-001851
- Version
- SRG-APP-000358-UEM-000228
- Vuln IDs
-
- V-234500
- Rule IDs
-
- SV-234500r1213141_rule
Checks: C-37685r851564_chk
Verify the UEM server transfers UEM server logs to another server for storage, analysis, and reporting. If the UEM server does not transfer UEM server logs to another server for storage, analysis, and reporting, this is a finding. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
Fix: F-37650r615144_fix
Configure the UEM server to be configured to transfer UEM server logs to another server for storage, analysis, and reporting. Note: UEM server logs include logs of UEM events and logs transferred to the UEM server by UEM agents of managed devices.
- RMF Control
- AU-8
- Severity
- M
- CCI
- CCI-001890
- Version
- SRG-APP-000374-UEM-000244
- Vuln IDs
-
- V-234516
- Rule IDs
-
- SV-234516r1213157_rule
Checks: C-37701r615191_chk
Verify the UEM server records time stamps for audit records that can be mapped to UTC or GMT. If the UEM server does not record time stamps for audit records that can be mapped to UTC or GMT, this is a finding.
Fix: F-37666r615192_fix
Configure the UEM server to be configured to record time stamps for audit records that can be mapped to UTC or GMT.
- RMF Control
- AU-8
- Severity
- M
- CCI
- CCI-001889
- Version
- SRG-APP-000375-UEM-000245
- Vuln IDs
-
- V-234517
- Rule IDs
-
- SV-234517r1213158_rule
Checks: C-37702r851582_chk
Verify the UEM server records time stamps for audit records that meet a granularity of one second for a minimum degree of precision. If the UEM server does not record time stamps for audit records that meet a granularity of one second for a minimum degree of precision, this is a finding.
Fix: F-37667r615195_fix
Configure the UEM server to be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
- RMF Control
- Severity
- M
- CCI
- CCI-003980
- Version
- SRG-APP-000378-UEM-000248
- Vuln IDs
-
- V-234520
- Rule IDs
-
- SV-234520r1213160_rule
Checks: C-37705r851587_chk
Verify the UEM server prohibits user installation of software by an administrator without the appropriate assigned permission for software installation. If the UEM server does not prohibit user installation of software by an administrator without the appropriate assigned permission for software installation, this is a finding.
Fix: F-37670r615204_fix
Configure the UEM server to prohibit user installation of software by an administrator without the appropriate assigned permission for software installation.
- RMF Control
- Severity
- M
- CCI
- CCI-003980
- Version
- SRG-APP-000378-UEM-000249
- Vuln IDs
-
- V-234521
- Rule IDs
-
- SV-234521r1213161_rule
Checks: C-37706r851589_chk
Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding.
Fix: F-37671r615207_fix
Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001813
- Version
- SRG-APP-000380-UEM-000251
- Vuln IDs
-
- V-234523
- Rule IDs
-
- SV-234523r1213163_rule
Checks: C-37708r615212_chk
Verify the UEM server enforces access restrictions associated with changes to the server configuration. If the UEM server does not enforce access restrictions associated with changes to the server configuration, this is a finding.
Fix: F-37673r615213_fix
Configure the UEM server to enforce access restrictions associated with changes to the server configuration.
- RMF Control
- Severity
- M
- CCI
- CCI-003938
- Version
- SRG-APP-000381-UEM-000252
- Vuln IDs
-
- V-234524
- Rule IDs
-
- SV-234524r1213164_rule
Checks: C-37709r851593_chk
Verify the UEM server audits the enforcement actions used to restrict access associated with changes to the application. If the UEM server does not audit the enforcement actions used to restrict access associated with changes to the application, this is a finding.
Fix: F-37674r615216_fix
Configure the UEM server to audit the enforcement actions used to restrict access associated with changes to the application.
- RMF Control
- CM-7
- Severity
- M
- CCI
- CCI-001762
- Version
- SRG-APP-000383-UEM-000254
- Vuln IDs
-
- V-234526
- Rule IDs
-
- SV-234526r1213166_rule
Checks: C-37711r1208093_chk
Verify the UEM server disables organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or nonsecure. If the UEM server does not disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or nonsecure, this is a finding.
Fix: F-37676r1208094_fix
Configure the UEM server to disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or nonsecure.
- RMF Control
- IA-3
- Severity
- H
- CCI
- CCI-001967
- Version
- SRG-APP-000395-UEM-000266
- Vuln IDs
-
- V-234538
- Rule IDs
-
- SV-234538r1213177_rule
Checks: C-37723r1208096_chk
Verify the UEM server establishes a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated AES cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed. If the UEM server does not establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated AES cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed, this is a finding.
Fix: F-37688r1208153_fix
Configure the UEM server to establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated AES cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-002007
- Version
- SRG-APP-000400-UEM-000271
- Vuln IDs
-
- V-234543
- Rule IDs
-
- SV-234543r1213182_rule
Checks: C-37728r1213181_chk
Requirement is Not Applicable when the UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server prohibits the use of cached authenticators after an organization-defined time period. If the UEM server does not prohibit the use of cached authenticators after an organization-defined time period, this is a finding.
Fix: F-37693r615273_fix
Configure the UEM server to prohibit the use of cached authenticators after an organization-defined time period.
- RMF Control
- Severity
- M
- CCI
- CCI-004068
- Version
- SRG-APP-000401-UEM-000272
- Vuln IDs
-
- V-234544
- Rule IDs
-
- SV-234544r1213183_rule
Checks: C-37729r851619_chk
Verify the UEM server, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If the UEM server, for PKI-based authentication, does not implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, this is a finding.
Fix: F-37694r615276_fix
Configure the UEM server to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network for PKI-based authentication.
- RMF Control
- MA-4
- Severity
- H
- CCI
- CCI-003123
- Version
- SRG-APP-000412-UEM-000283
- Vuln IDs
-
- V-234555
- Rule IDs
-
- SV-234555r1213194_rule
Checks: C-37740r851630_chk
Verify the UEM server web management tools use a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions. If the UEM server web management tools do not use FIPS-validated Advanced Encryption Standard (AES) cipher block algorithms to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions, this is a finding.
Fix: F-37705r615309_fix
Configure the UEM server web management tools with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.
- RMF Control
- MA-4
- Severity
- M
- CCI
- CCI-002891
- Version
- SRG-APP-000413-UEM-000284
- Vuln IDs
-
- V-234556
- Rule IDs
-
- SV-234556r1213195_rule
Checks: C-37741r851632_chk
Verify the UEM server verifies remote disconnection when non-local maintenance and diagnostic sessions are terminated. If the UEM server does not verify remote disconnection when non-local maintenance and diagnostic sessions are terminated, this is a finding.
Fix: F-37706r615312_fix
Configure the UEM server to verify remote disconnection when non-local maintenance and diagnostic sessions are terminated.
- RMF Control
- SC-23
- Severity
- M
- CCI
- CCI-002470
- Version
- SRG-APP-000427-UEM-000298
- Vuln IDs
-
- V-234573
- Rule IDs
-
- SV-234573r1213211_rule
Checks: C-37758r1213209_chk
Verify the UEM server allows only DoW-PKI established certificate authorities for verification of the establishment of protected sessions. If the UEM server does not allow only DoW-PKI established certificate authorities for verification of the establishment of protected sessions, this is a finding.
Fix: F-37723r1213210_fix
Configure the UEM server to allow only DoW-PKI established certificate authorities for verification of the establishment of protected sessions.
- RMF Control
- SC-23
- Severity
- M
- CCI
- CCI-002470
- Version
- SRG-APP-000427-UEM-000299
- Vuln IDs
-
- V-234574
- Rule IDs
-
- SV-234574r1213212_rule
Checks: C-37759r615356_chk
Verify the UEM server uses X.509v3 certificates for code signing for system software updates. If the UEM server does not use X.509v3 certificates for code signing for system software updates, this is a finding.
Fix: F-37724r615357_fix
Configure the UEM server to use X.509v3 certificates for code signing for system software updates.
- RMF Control
- SC-23
- Severity
- M
- CCI
- CCI-002470
- Version
- SRG-APP-000427-UEM-000300
- Vuln IDs
-
- V-234575
- Rule IDs
-
- SV-234575r1213213_rule
Checks: C-37760r615359_chk
Verify the UEM server uses X.509v3 certificates for code signing for integrity verification. If the UEM server does not use X.509v3 certificates for code signing for integrity verification, this is a finding.
Fix: F-37725r615360_fix
Configure the UEM server to use X.509v3 certificates for code signing for integrity verification.
- RMF Control
- SC-8
- Severity
- H
- CCI
- CCI-002418
- Version
- SRG-APP-000439-UEM-000313
- Vuln IDs
-
- V-234588
- Rule IDs
-
- SV-234588r1213226_rule
Checks: C-37773r851661_chk
Verify the UEM server connects to applications and managed mobile devices with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information. If the UEM server does not connect to applications and managed mobile devices with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information, this is a finding.
Fix: F-37738r615399_fix
Configure the UEM server to connect to applications and managed mobile devices with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
- RMF Control
- SI-10
- Severity
- M
- CCI
- CCI-002754
- Version
- SRG-APP-000447-UEM-000321
- Vuln IDs
-
- V-234596
- Rule IDs
-
- SV-234596r1213234_rule
Checks: C-37781r615422_chk
Verify the UEM server writes to the server event log when invalid inputs are received. If the UEM server does not write to the server event log when invalid inputs are received, this is a finding.
Fix: F-37746r615423_fix
Configure the UEM server to write to the server event log when invalid inputs are received.
- RMF Control
- SI-2
- Severity
- M
- CCI
- CCI-002617
- Version
- SRG-APP-000454-UEM-000328
- Vuln IDs
-
- V-234603
- Rule IDs
-
- SV-234603r1213241_rule
Checks: C-37788r615443_chk
Verify the UEM server removes old software components after updated versions have been installed. If the UEM server does not remove old software components after updated versions have been installed, this is a finding.
Fix: F-37753r615444_fix
Configure the UEM server to remove old software components after updated versions have been installed.
- RMF Control
- SI-2
- Severity
- H
- CCI
- CCI-002605
- Version
- SRG-APP-000456-UEM-000330
- Vuln IDs
-
- V-234605
- Rule IDs
-
- SV-234605r1213243_rule
Checks: C-37790r1137994_chk
Verify the UEM server installs security-relevant software updates within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs). If it does not install security-relevant software updates within 30 days unless the time period is directed by an authoritative source, this is a finding.
Fix: F-37755r1137995_fix
Install security-relevant software updates on the UEM Server within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs).
- RMF Control
- SI-6
- Severity
- M
- CCI
- CCI-002696
- Version
- SRG-APP-000472-UEM-000347
- Vuln IDs
-
- V-234622
- Rule IDs
-
- SV-234622r1213259_rule
Checks: C-37807r851696_chk
Verify the UEM server is configured with the periodicity of the following commands to the agent of six hours or less: - query connectivity status; - query the current version of the managed device firmware/software; - query the current version of installed mobile applications; - read audit logs kept by the managed device. If the UEM server is not configured with the periodicity of the following commands to the agent of six hours or less: - query connectivity status; - query the current version of the managed device firmware/software; - query the current version of installed mobile applications; - read audit logs kept by the managed device, this is a finding.
Fix: F-37772r1208155_fix
Configure the UEM server with the periodicity of the following commands to the agent of six hours or less: - query connectivity status; - query the current version of the managed device firmware/software; - query the current version of installed mobile applications; - read audit logs kept by the managed device.
- RMF Control
- SI-6
- Severity
- M
- CCI
- CCI-002699
- Version
- SRG-APP-000473-UEM-000348
- Vuln IDs
-
- V-234623
- Rule IDs
-
- SV-234623r1213260_rule
Checks: C-37808r851699_chk
Verify the UEM server runs a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server. If the UEM server does not run a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server, this is a finding.
Fix: F-37773r615504_fix
Configure the UEM server to run a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server.
- RMF Control
- SI-6
- Severity
- M
- CCI
- CCI-002702
- Version
- SRG-APP-000474-UEM-000349
- Vuln IDs
-
- V-234624
- Rule IDs
-
- SV-234624r1213261_rule
Checks: C-37809r1208107_chk
Verify the UEM server alerts the SA when anomalies in the operation of security functions are discovered. If the UEM server does not alert the SA when anomalies in the operation of security functions are discovered, this is a finding.
Fix: F-37774r1208108_fix
Configure the UEM server to alert the SA when anomalies in the operation of security functions are discovered.
- RMF Control
- SI-7
- Severity
- M
- CCI
- CCI-002740
- Version
- SRG-APP-000479-UEM-000354
- Vuln IDs
-
- V-234629
- Rule IDs
-
- SV-234629r1213266_rule
Checks: C-37814r851707_chk
Verify the UEM server verifies software updates to the server using a digital signature mechanism prior to installing those updates. If the UEM server does not verify software updates to the server using a digital signature mechanism prior to installing those updates, this is a finding.
Fix: F-37779r615522_fix
Configure the UEM server to verify software updates to the server using a digital signature mechanism prior to installing those updates.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000492-UEM-000367
- Vuln IDs
-
- V-234642
- Rule IDs
-
- SV-234642r1213279_rule
Checks: C-37827r1208110_chk
Verify the UEM server generates audit records when successful/unsuccessful attempts to access security objects occur. If the UEM server does not generate audit records when successful/unsuccessful attempts to access security objects occur, this is a finding.
Fix: F-37792r615561_fix
Configure the UEM server to generate audit records when successful/unsuccessful attempts to access security objects occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000495-UEM-000370
- Vuln IDs
-
- V-234645
- Rule IDs
-
- SV-234645r1213282_rule
Checks: C-37830r1208112_chk
Verify the UEM server generates audit records when successful/unsuccessful attempts to modify privileges occur. If the UEM server does not generate audit records when successful/unsuccessful attempts to modify privileges occur, this is a finding.
Fix: F-37795r615570_fix
Configure the UEM server to generate audit records when successful/unsuccessful attempts to modify privileges occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000496-UEM-000371
- Vuln IDs
-
- V-234646
- Rule IDs
-
- SV-234646r1213283_rule
Checks: C-37831r1208114_chk
Verify the UEM server generates audit records when successful/unsuccessful attempts to modify security objects occur. If the UEM server does not generate audit records when successful/unsuccessful attempts to modify security objects occur, this is a finding.
Fix: F-37796r615573_fix
Configure the UEM server to generate audit records when successful/unsuccessful attempts to modify security objects occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000499-UEM-000374
- Vuln IDs
-
- V-234649
- Rule IDs
-
- SV-234649r1213286_rule
Checks: C-37834r615581_chk
Verify the UEM server generates audit records when successful/unsuccessful attempts to delete privileges occur. If the UEM server does not generate audit records when successful/unsuccessful attempts to delete privileges occur, this is a finding.
Fix: F-37799r615582_fix
Configure the UEM server to generate audit records when successful/unsuccessful attempts to delete privileges occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000501-UEM-000376
- Vuln IDs
-
- V-234651
- Rule IDs
-
- SV-234651r1213288_rule
Checks: C-37836r1208117_chk
Verify the UEM server generates audit records when successful/unsuccessful attempts to delete security objects occur. If the UEM server does not generate audit records when successful/unsuccessful attempts to delete security objects occur, this is a finding.
Fix: F-37801r615588_fix
Configure the UEM server to generate audit records when successful/unsuccessful attempts to delete security objects occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000503-UEM-000378
- Vuln IDs
-
- V-234653
- Rule IDs
-
- SV-234653r1213290_rule
Checks: C-37838r615593_chk
Verify the UEM server generates audit records when successful/unsuccessful logon attempts occur. If the UEM server does not generate audit records when successful/unsuccessful logon attempts occur, this is a finding.
Fix: F-37803r615594_fix
Configure the UEM server to generate audit records when successful/unsuccessful logon attempts occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000504-UEM-000379
- Vuln IDs
-
- V-234654
- Rule IDs
-
- SV-234654r1213291_rule
Checks: C-37839r615596_chk
Verify the UEM server generates audit records for privileged activities or other system-level access. If the UEM server does not generate audit records for privileged activities or other system-level access, this is a finding.
Fix: F-37804r615597_fix
Configure the UEM server to generate audit records for privileged activities or other system-level access.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000505-UEM-000380
- Vuln IDs
-
- V-234655
- Rule IDs
-
- SV-234655r1213292_rule
Checks: C-37840r615599_chk
Verify the UEM server generates audit records showing starting and ending time for user access to the system. If the UEM server does not generate audit records showing starting and ending time for user access to the system, this is a finding.
Fix: F-37805r615600_fix
Configure the UEM server to generate audit records showing starting and ending time for user access to the system.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000506-UEM-000381
- Vuln IDs
-
- V-234656
- Rule IDs
-
- SV-234656r1213293_rule
Checks: C-37841r615602_chk
Verify the UEM server generates audit records when concurrent logons from different workstations occur. If the UEM server does not generate audit records when concurrent logons from different workstations occur, this is a finding.
Fix: F-37806r615603_fix
Configure the UEM server to generate audit records when concurrent logons from different workstations occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000507-UEM-000382
- Vuln IDs
-
- V-234657
- Rule IDs
-
- SV-234657r1213294_rule
Checks: C-37842r615605_chk
Verify the UEM server generates audit records when successful/unsuccessful accesses to objects occur. If the UEM server does not generate audit records when successful/unsuccessful accesses to objects occur, this is a finding.
Fix: F-37807r615606_fix
Configure the UEM server to generate audit records when successful/unsuccessful accesses to objects occur.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000508-UEM-000383
- Vuln IDs
-
- V-234658
- Rule IDs
-
- SV-234658r1213295_rule
Checks: C-37843r615608_chk
Verify the UEM server generates audit records for all direct access to the information system. If the UEM server does not generate audit records for all direct access to the information system, this is a finding.
Fix: F-37808r615609_fix
Configure the UEM server to generate audit records for all direct access to the information system.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SRG-APP-000509-UEM-000384
- Vuln IDs
-
- V-234659
- Rule IDs
-
- SV-234659r1213297_rule
Checks: C-37844r1213296_chk
Requirement is Not Applicable when UEM server is configured to use DoW Central Directory Service for administrator account authentication. Verify the UEM server generates audit records for all account creations, modifications, disabling, and termination events. If the UEM server does not generate audit records for all account creations, modifications, disabling, and termination events, this is a finding.
Fix: F-37809r615612_fix
Configure the UEM server to generate audit records for all account creations, modifications, disabling, and termination events.
- RMF Control
- SC-13
- Severity
- H
- CCI
- CCI-002450
- Version
- SRG-APP-000514-UEM-000389
- Vuln IDs
-
- V-234664
- Rule IDs
-
- SV-234664r1213302_rule
Checks: C-37849r615626_chk
Verify the UEM server uses a FIPS-validated cryptographic module to generate cryptographic hashes. If the UEM server does not use a FIPS-validated cryptographic module to generate cryptographic hashes, this is a finding.
Fix: F-37814r615627_fix
Configure the UEM server to use a FIPS-validated cryptographic module to generate cryptographic hashes.
- RMF Control
- AU-4
- Severity
- M
- CCI
- CCI-001851
- Version
- SRG-APP-000515-UEM-000390
- Vuln IDs
-
- V-234665
- Rule IDs
-
- SV-234665r1213303_rule
Checks: C-37850r851724_chk
Verify the UEM server, at a minimum, off-loads audit logs of interconnected systems in real time and off-load standalone systems weekly. If the UEM server does not off-load audit logs of interconnected systems in real time and off-load standalone systems weekly, this is a finding.
Fix: F-37815r615630_fix
Configure the UEM server to, at a minimum, off-load audit logs of interconnected systems in real time and off-load standalone systems weekly.
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SRG-APP-000516-UEM-000391
- Vuln IDs
-
- V-234666
- Rule IDs
-
- SV-234666r1213306_rule
Checks: C-37851r1213304_chk
Verify the UEM server is configured in accordance with the security configuration settings based on DoW security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. If the UEM server is not configured in accordance with the security configuration settings based on DoW security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs, this is a finding.
Fix: F-37816r1213305_fix
Configure the UEM server in accordance with the security configuration settings based on DoW security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SRG-APP-000516-UEM-000392
- Vuln IDs
-
- V-234667
- Rule IDs
-
- SV-234667r1213307_rule
Checks: C-37852r615635_chk
Verify the UEM server allows authorized administrators to read all audit data from audit records on the server. If the UEM server does not allow authorized administrators to read all audit data from audit records on the server, this is a finding.
Fix: F-37817r615636_fix
Configure the UEM server to allow authorized administrators to read all audit data from audit records on the server.
- RMF Control
- SC-13
- Severity
- H
- CCI
- CCI-002450
- Version
- SRG-APP-000555-UEM-000393
- Vuln IDs
-
- V-234668
- Rule IDs
-
- SV-234668r1213308_rule
Checks: C-37853r1208130_chk
Verify FIPS 140-3 mode has been implemented on the UEM server for all server and agent encryption. If FIPS 140-3 mode has not been implemented on the UEM server for all server and agent encryption, this is a finding.
Fix: F-37818r1208131_fix
Configure the UEM server to implement FIPS 140-3 mode for all server and agent encryption.
- RMF Control
- AC-17
- Severity
- M
- CCI
- CCI-001453
- Version
- SRG-APP-000560-UEM-000394
- Vuln IDs
-
- V-234669
- Rule IDs
-
- SV-234669r1213309_rule
Checks: C-37854r1208133_chk
Verify the UEM server is configured to prohibit client negotiation to TLS 1.2, SSL 2.0, or SSL 3.0. If the UEM server is not configured to prohibit client negotiation to TLS 1.2, SSL 2.0, or SSL 3.0, this is a finding.
Fix: F-37819r1208134_fix
Configure the UEM server to prohibit client negotiation to TLS 1.2, SSL 2.0, or SSL 3.0.
- RMF Control
- IA-3
- Severity
- M
- CCI
- CCI-001967
- Version
- SRG-APP-000580-UEM-000398
- Vuln IDs
-
- V-234673
- Rule IDs
-
- SV-234673r1213313_rule
Checks: C-37858r851729_chk
Verify the UEM server authenticates endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. If the UEM server does not authenticate endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based, this is a finding.
Fix: F-37823r615654_fix
Configure the UEM server to authenticate endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
- RMF Control
- IA-3
- Severity
- M
- CCI
- CCI-001967
- Version
- SRG-APP-000585-UEM-000399
- Vuln IDs
-
- V-234674
- Rule IDs
-
- SV-234674r1213314_rule
Checks: C-37859r851731_chk
Verify cipher suites using pre-shared keys are for device authentication have a minimum security strength of 112 bits or higher. If cipher suites using pre-shared keys are for device authentication do not have a minimum security strength of 112 bits or higher, this is a finding.
Fix: F-37824r615657_fix
If cipher suites using pre-shared keys are used for device authentication, configure the UEM server to have a minimum security strength of 112 bits or higher.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000185
- Version
- SRG-APP-000605-UEM-000401
- Vuln IDs
-
- V-234676
- Rule IDs
-
- SV-234676r1213316_rule
Checks: C-37861r1208138_chk
Verify the UEM server validates certificates used for TLS functions by performing RFC 5280-compliant certification path validation. If the UEM server does not validate certificates used for TLS functions by performing RFC 5280-compliant certification path validation, this is a finding.
Fix: F-37826r615663_fix
Configure the UEM server to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation.
- RMF Control
- IA-7
- Severity
- H
- CCI
- CCI-000803
- Version
- SRG-APP-000610-UEM-000402
- Vuln IDs
-
- V-234677
- Rule IDs
-
- SV-234677r1213317_rule
Checks: C-37862r1208140_chk
Verify the UEM server uses FIPS-validated SHA-256 or higher hash function for digital signature generation and verification. If the UEM server does not use FIPS-validated SHA-256 or higher hash function for digital signature generation and verification, this is a finding.
Fix: F-37827r615666_fix
Configure the UEM server to use FIPS-validated SHA-256 or higher hash function for digital signature generation and verification.
- RMF Control
- SC-23
- Severity
- H
- CCI
- CCI-002470
- Version
- SRG-APP-000427-UEM-000500
- Vuln IDs
-
- V-256892
- Rule IDs
-
- SV-256892r1213323_rule
Checks: C-60567r891313_chk
Verify the UEM server is signing all policy updates sent to the UEM Agent with validated certificates. If the UEM server is not signing all policy updates sent to the UEM Agent with validated certificates, this is a finding.
Fix: F-60510r891311_fix
Configure the UEM server to sign all policy updates sent to the UEM Agent with validated certificates.
- RMF Control
- SC-23
- Severity
- H
- CCI
- CCI-002470
- Version
- SRG-APP-000427-UEM-000501
- Vuln IDs
-
- V-264368
- Rule IDs
-
- SV-264368r1213324_rule
Checks: C-68282r1208142_chk
Verify the server is configured to sign policies and policy updates using [selection: an X509 certificate, a public key provisioned to the agent] trusted by the agent for policy verification. If the UEM server is not signing all policy updates using [selection: an X509 certificate, a public key provisioned to the agent] trusted by the agent for policy verification, this is a finding.
Fix: F-68190r985736_fix
Configure the UEM server to sign policies and policy updates using [selection: an X509 certificate, a public key provisioned to the agent] trusted by the agent for policy verification.
- RMF Control
- SC-23
- Severity
- H
- CCI
- CCI-002470
- Version
- SRG-APP-000427-UEM-000502
- Vuln IDs
-
- V-264369
- Rule IDs
-
- SV-264369r1213325_rule
Checks: C-68283r985779_chk
Verify the UEM server, for each unique policy managed, validates the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy]. If the UEM server does not validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy, this is a finding.
Fix: F-68191r1208157_fix
Configure the IUEM server, for each unique policy managed, to validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy].
- RMF Control
- SA-22
- Severity
- H
- CCI
- CCI-003376
- Version
- SRG-APP-001035-UEM-000408
- Vuln IDs
-
- V-279012
- Rule IDs
-
- SV-279012r1213326_rule
Checks: C-83560r1137997_chk
Verify the UEM server is a version supported by the vendor. If the UEM server is not a version supported by the vendor, this is a finding.
Fix: F-83465r1137998_fix
Upgrade or install a UEM server that is a version supported by the vendor.