Check: SRG-APP-000191-UEM-000117
Unified Endpoint Management Agent SRG:
SRG-APP-000191-UEM-000117
(in version v1 r0.1)
Title
The UEM server must be configured to provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS]. (Cat II impact)
Discussion
Examples of authorized IT entities: audit server, Active Directory, software update server, and database server. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are activities conducted by individuals communicating through either an external network (e.g., the internet) or an internal network.
Check Content
Verify the UEM server provides a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS]. If the UEM server does not provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS], this is a finding.
Fix Text
Configure the UEM server to provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS].
Additional Identifiers
Rule ID: SRG-APP-000191-UEM-000117_rule
Vulnerability ID: SRG-APP-000191-UEM-000117
Group Title: SRG-APP-000191-UEM-000117
CCIs
| Number | Definition |
|---|---|
| CCI-001135 | Provide a physically or logically isolated trusted communication path for communication between the user and the trusted components of the system. |
Controls
| Number | Title |
|---|---|
| SC-11 | Trusted Path |