Title

The UEM Agent must perform the following functions: -enroll in management -configure whether users can unenroll from management -configure periodicity of reachability events. (Cat II impact)

Discussion

Access control of mobile devices to DoD sensitive information or access to DoD networks must be controlled so that DoD data will not be compromised. The primary method of access control of mobile devices is via enrollment of authorized mobile devices on the UEM server. Therefore, the UEM server must have the capability to enforce a policy for this control.

Check Content

Verify the UEM Agent performs the following functions: -Enroll in management -Configure whether users can unenroll from management -Configure periodicity of reachability events If the UEM Agent does not perform the following functions: -Enroll in management -Configure whether users can unenroll from management -Configure periodicity of reachability events this is a finding.

Fix Text

Configure the UEM Agent to perform the following functions: -Enroll in management -Configure whether users can unenroll from management -Configure periodicity of reachability events.

Additional Identifiers

Rule ID: SRG-APP-000516-UEM-100010_rule

Vulnerability ID: SRG-APP-000516-UEM-100010

Group Title: SRG-APP-000516-UEM-100010

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.