UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

When the UEM server cannot establish a connection to determine the validity of a certificate, the server must be configured not to have the option to accept the certificate.


Overview

Finding ID Version Rule ID IA Controls Severity
V-234379 SRG-APP-000175-UEM-000106 SV-234379r961038_rule Medium
Description
When an UEM server accepts an unverified certificate, it may be trusting a malicious actor. For example, messages signed with an invalid certificate may contain links to malware, which could lead to the installation or distribution of that malware on DoD information systems, leading to compromise of DoD sensitive information and other attacks. Satisfies:FIA_X509_EXT.2.2 Reference:PP-MDM-412003
STIG Date
Unified Endpoint Management Server Security Requirements Guide 2024-07-02

Details

Check Text ( C-37564r614147_chk )
Verify the UEM server does not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.

If the UEM server automatically accepts a certificate when it cannot establish a connection to determine the validity of a certificate, this is a finding.
Fix Text (F-37529r614148_fix)
Configure the UEM server to not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.