STIGQter: STIG Summary: Unified Endpoint Management Server Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

For UEM server using password authentication, the application must store only cryptographic representations of passwords.

DISA Rule

SV-234374r617355_rule

Vulnerability Number

V-234374

Group Title

SRG-APP-000171

Rule Version

SRG-APP-000171-UEM-000101

Severity

CAT II

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

10

Fix Recommendation

For a UEM server using password authentication, configure the server to store only cryptographic representations of passwords.

Check Contents

If the UEM server is using password authentication, verify the server stores only cryptographic representations of passwords.

If the UEM server is using password authentication but does not store only cryptographic representations of passwords, this is a finding.

Vulnerability Number

V-234374

Documentable

False

Rule Version

SRG-APP-000171-UEM-000101

Severity Override Guidance

If the UEM server is using password authentication, verify the server stores only cryptographic representations of passwords.

If the UEM server is using password authentication but does not store only cryptographic representations of passwords, this is a finding.

Check Content Reference

M

Target Key

5269

Comments