Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
When the Jamf Pro EMM server cannot establish a connection to determine the validity of a certificate, the server must not have the option to accept the certificate.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-99567 | JAMF-10-000040 | SV-108671r1_rule | Medium |
| Description |
|---|
| When a Jamf Pro EMM server accepts an unverified certificate, it may be trusting a malicious actor. For example, messages signed with an invalid certificate may contain links to malware, which could lead to the installation or distribution of that malware on DoD information systems, leading to compromise of DoD sensitive information and other attacks. SFR ID: FIA_X509_EXT.2.2 |
| STIG | Date |
|---|---|
| Jamf Pro v10.x EMM Security Technical Implementation Guide | 2020-02-04 |
Details
| Check Text ( C-98417r1_chk ) |
|---|
| Validate the Jamf Pro EMM server has been configured to not accept a certificate if the certificate cannot be validated. 1. Open the Jamf Pro EMM console. 2. Open "Settings". 3. Select "User-Initiated Enrollment". 4. Under the General tab, verify "Use a third-party signing certificate" is selected. 5. Verify the name and certificate extension of the DoD p12 certificate is listed. If the Jamf Pro EMM server has been not been configured to not accept a certificate if the certificate cannot be validated, this is a finding. |
| Fix Text (F-105251r1_fix) |
|---|
| Configure the Jamf Pro EMM server to not accept a certificate if the certificate cannot be validated. 1. Open the Jamf Pro EMM console. 2. Open "Settings". 3. Select "User-Initiated Enrollment". 4. Under the General tab, select "Use a third-party signing certificate". 5. Drag and drop the DoD p12 certificate. 6. Click "Save". |