UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The UEM server must be configured to use DoD PKI for multifactor authentication. This requirement is included in SRG-APP-000149.


Overview

Finding ID Version Rule ID IA Controls Severity
V-234361 SRG-APP-000154-UEM-000088 SV-234361r879595_rule Medium
Description
Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device. Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards, such as the U.S. Government Personal Identity Verification card and the DoD common access card. A privileged account is any information system account with authorizations of a privileged user. Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection.
STIG Date
Unified Endpoint Management Server Security Requirements Guide 2023-02-13

Details

Check Text ( C-37546r614093_chk )
Verify the UEM server uses DoD PKI for multifactor authentication.

If the UEM server does not use DoD PKI for multifactor authentication, this is a finding.
Fix Text (F-37511r614094_fix)
Configure the UEM server to use DoD PKI for multifactor authentication.