STIGQter: STIG Summary: Unified Endpoint Management Server Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The UEM server must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

DISA Rule

SV-234366r617355_rule

Vulnerability Number

V-234366

Group Title

SRG-APP-000163

Rule Version

SRG-APP-000163-UEM-000093

Severity

CAT II

CCI(s)

• CCI-000795 - The organization manages information system identifiers by disabling the identifier after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the UEM server to disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

Check Contents

Requirement is Not Applicable when UEM server is configured to use DoD Central Directory Service for administrator account authentication.

Verify the UEM server disables identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

If the UEM server does not disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity, this is a finding.

Vulnerability Number

V-234366

Documentable

False

Rule Version

SRG-APP-000163-UEM-000093

Severity Override Guidance

Requirement is Not Applicable when UEM server is configured to use DoD Central Directory Service for administrator account authentication.

Verify the UEM server disables identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

If the UEM server does not disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity, this is a finding.

Check Content Reference

M

Target Key

5269

Comments