Checked | Name | Title |
---|---|---|
☐ | SV-234235r617416_rule | The UEM Agent must provide an alert via the trusted channel to the UEM Server in the event of any of the following audit events:
-successful application of policies to a mobile device
-receiving or generating periodic reachability events
-change in enrollment state
-failure to install an application from the UEM Server
-failure to update an application from the UEM Server. |
☐ | SV-234236r617390_rule | The UEM Agent must generate a UEM Agent audit record of the following auditable events:
-startup and shutdown of the UEM Agent
-UEM policy updated
-any modification commanded by the UEM Server. |
☐ | SV-234237r617354_rule | The UEM Agent must be configured to enable the following function: read audit logs of the managed endpoint device. |
☐ | SV-234238r617417_rule | The UEM Agent must record within each UEM Agent audit record the following information:
-date and time of the event
-type of event
-subject identity
-(if relevant) the outcome (success or failure) of the event. |
☐ | SV-234239r617354_rule | The UEM Agent must not install policies if the policy-signing certificate is deemed invalid. |
☐ | SV-234240r617354_rule | The UEM Agent must use managed endpoint device key storage for all persistent secret and private keys. |
☐ | SV-234241r617354_rule | The UEM Agent must queue alerts if the trusted channel is not available. |
☐ | SV-234242r617354_rule | The UEM Agent must be configured to enable the following function: transfer managed endpoint device audit logs read by the UEM Agent to a UEM server or third-party audit management server. |
☐ | SV-234243r617354_rule | The UEM Agent must only accept policies and policy updates that are digitally signed by a certificate that has been authorized for policy updates by the UEM Server. |
☐ | SV-234244r617354_rule | The UEM Agent must perform the following functions: Import the certificates to be used for authentication of UEM Agent communications. |
☐ | SV-234245r617354_rule | The UEM Agent must record the reference identifier of the UEM Server during the enrollment process. |
☐ | SV-234246r617392_rule | The UEM Agent must perform the following functions:
-enroll in management
-configure whether users can unenroll from management
-configure periodicity of reachability events. |
☐ | SV-234247r617393_rule | The UEM Agent must be configured to perform one of the following actions upon an attempt to unenroll the mobile device from management:
-prevent the unenrollment from occurring
-wipe the device to factory default settings
-wipe the work profile with all associated applications and data. |
☐ | SV-234248r617402_rule | All UEM Agent cryptography supporting DoD functionality must be FIPS 140-2 validated. |