UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall protecting the Workspace ONE UEM server must be configured so that only DoD-approved ports, protocols, and services are enabled. (See the DoD Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoD-approved ports, protocols, and services).


Overview

Finding ID Version Rule ID IA Controls Severity
V-221649 VMW1-00-200030 SV-221649r588007_rule Medium
Description
All ports, protocols, and services used on DoD networks must be approved and registered via the DoD PPSM process. This is to ensure that a risk assessment has been completed before a new port, protocol, or service is configured on a DoD network and has been approved by proper DoD authorities. Otherwise, the new port, protocol, or service could cause a vulnerability to the DoD network, which could be exploited by an adversary. Satisfies: SRG-APP-000142 SFR ID: FMT_SMF.1.1(2) b
STIG Date
VMware Workspace ONE UEM Security Technical Implementation Guide 2021-11-04

Details

Check Text ( C-23364r416785_chk )
Ask the MDM administrator for a list of ports, protocols, and services that have been configured on the host-based firewall of the MDM server or generate the list by inspecting the firewall. Verify all allowed ports, protocols, and services are included on the DoD PPSM CAL list.

If any allowed ports, protocols, and services on the MDM host-based firewall are not included on the DoD PPSM CAL list, this is a finding.
Fix Text (F-23353r416786_fix)
Turn off any ports, protocols, and services on the MDM host-based firewall that are not on the DoD PPSM CAL list.