STIGQter: STIG Summary: Unified Endpoint Management Agent Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The UEM Agent must provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events: -successful application of policies to a mobile device -receiving or generating periodic reachability events -change in enrollment state -failure to install an application from the UEM Server -failure to update an application from the UEM Server.

DISA Rule

SV-234235r617416_rule

Vulnerability Number

V-234235

Group Title

SRG-APP-000089

Rule Version

SRG-APP-000089-UEM-100002

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the UEM Agent to provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events:
-successful application of policies to a mobile device
-receiving or generating periodic reachability events
-change in enrollment state
-failure to install an application from the UEM Server
-failure to update an application from the UEM Server.

Check Contents

Verify the UEM Agent provides an alert via the trusted channel to the UEM Server in the event of any of the following audit events:
-successful application of policies to a mobile device
-receiving or generating periodic reachability events
-change in enrollment state
-failure to install an application from the UEM Server
-failure to update an application from the UEM Server.

If the UEM Agent does not provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events:
-successful application of policies to a mobile device
-receiving or generating periodic reachability events
-change in enrollment state
-failure to install an application from the UEM Server
-failure to update an application from the UEM Server
this is a finding.

Vulnerability Number

V-234235

Documentable

False

Rule Version

SRG-APP-000089-UEM-100002

Severity Override Guidance

Verify the UEM Agent provides an alert via the trusted channel to the UEM Server in the event of any of the following audit events:
-successful application of policies to a mobile device
-receiving or generating periodic reachability events
-change in enrollment state
-failure to install an application from the UEM Server
-failure to update an application from the UEM Server.

If the UEM Agent does not provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events:
-successful application of policies to a mobile device
-receiving or generating periodic reachability events
-change in enrollment state
-failure to install an application from the UEM Server
-failure to update an application from the UEM Server
this is a finding.

Check Content Reference

M

Target Key

5262

Comments