An error occurred:

Check: SRG-APP-000378-UEM-000249

Unified Endpoint Management Agent SRG: SRG-APP-000378-UEM-000249 (in version v1 r0.1)

Title

The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. (Cat II impact)

Discussion

If the application install policy is not enforced, malicious applications and vulnerable applications can be installed on managed mobile devices, which could compromise DoD data.

Check Content

Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding.

Fix Text

Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

Additional Identifiers

Rule ID: SRG-APP-000378-UEM-000249_rule

Vulnerability ID: SRG-APP-000378-UEM-000249

Group Title: SRG-APP-000378-UEM-000249

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001812

The information system prohibits user installation of software without explicit privileged status.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check