STIGQter: STIG Summary: Unified Endpoint Management Agent Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The UEM Agent must only accept policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server.

DISA Rule

SV-234243r617354_rule

Vulnerability Number

V-234243

Group Title

SRG-APP-000427

Rule Version

SRG-APP-000427-UEM-100007

Severity

CAT II

CCI(s)

• CCI-002470 - The information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Weight

10

Fix Recommendation

Configure the UEM Agent to only accept policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server.

Check Contents

Verify the UEM Agent only accepts policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server.

If the UEM Agent does not only accept policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server, this is a finding.

Vulnerability Number

V-234243

Documentable

False

Rule Version

SRG-APP-000427-UEM-100007

Severity Override Guidance

Verify the UEM Agent only accepts policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server.

If the UEM Agent does not only accept policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server, this is a finding.

Check Content Reference

M

Target Key

5262

Comments