An error occurred:

Check: SRG-APP-000413-UEM-000284

Unified Endpoint Management Agent SRG: SRG-APP-000413-UEM-000284 (in version v1 r0.1)

Title

The UEM server must verify remote disconnection when non-local maintenance and diagnostic sessions are terminated. (Cat II impact)

Discussion

If the remote connection is not closed and verified as closed, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Remote connections must be disconnected and verified as disconnected when non-local maintenance sessions have been terminated and are no longer available for use.

Check Content

Verify the UEM server verifies remote disconnection when non-local maintenance and diagnostic sessions are terminated. If the UEM server does not verify remote disconnection when non-local maintenance and diagnostic sessions are terminated, this is a finding.

Fix Text

Configure the UEM server to verify remote disconnection when non-local maintenance and diagnostic sessions are terminated.

Additional Identifiers

Rule ID: SRG-APP-000413-UEM-000284_rule

Vulnerability ID: SRG-APP-000413-UEM-000284

Group Title: SRG-APP-000413-UEM-000284

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002891

Verify session and network connection termination after the completion of nonlocal maintenance and diagnostic sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
MA-4(7)

Disconnect Verification