UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The UEM server, for each unique policy managed, must validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent] associated with a policy signing key uniquely associated with the policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-264369 SRG-APP-000427-UEM-000502 SV-264369r985781_rule High
Description
It is critical that the UEM server sign all policy updates with validated certificate or private keys. Otherwise, there is no assurance that a malicious actor has not inserted itself in the process of packaging the code or policy. This requirement focuses on communications protection for the application session rather than for the network packet. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and service-oriented architectures (SOAs). Satisfies: FMT_POL_EXT.1.3 Reference: PP-MDM-411071
STIG Date
Unified Endpoint Management Server Security Requirements Guide 2024-07-02

Details

Check Text ( C-68283r985779_chk )
Verify the UEM server, for each unique policy managed, validates the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy].

If the UEM server does not validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy, this is a finding.
Fix Text (F-68191r985780_fix)
Configure the IUEM server, for each unique policy managed, to validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy].