STIGQter: STIG Summary: Unified Endpoint Management Server Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Before establishing a connection to any endpoint device being managed, the UEM server must establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device.

DISA Rule

SV-234538r617415_rule

Vulnerability Number

V-234538

Group Title

SRG-APP-000395

Rule Version

SRG-APP-000395-UEM-000266

Severity

CAT I

CCI(s)

• CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Weight

10

Fix Recommendation

Configure the UEM server to establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed.

Check Contents

Verify the UEM server establishes a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed.

If the UEM server does not establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed, this is a finding.

Vulnerability Number

V-234538

Documentable

False

Rule Version

SRG-APP-000395-UEM-000266

Severity Override Guidance

Verify the UEM server establishes a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed.

If the UEM server does not establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device before establishing a connection to any endpoint device being managed, this is a finding.

Check Content Reference

M

Target Key

5269

Comments