Check: SRG-APP-000358-UEM-100003
Unified Endpoint Management Agent SRG:
SRG-APP-000358-UEM-100003
(in version v1 r1)
Title
The UEM Agent must queue alerts if the trusted channel is not available. (Cat II impact)
Discussion
Alerts providing notification of a change in enrollment state facilitate verification of the correct operation of security functions. When an UEM server receives such an alert from an UEM Agent, it indicates the security policy may no longer be enforced on the mobile device. This enables the UEM administrator to take an appropriate remedial action. Satisfies: FAU_ALT_EXT.2.2
Check Content
Verify the UEM Agent queues alerts if the trusted channel is not available. If the UEM Agent does not queue alerts if the trusted channel is not available, this is a finding.
Fix Text
Configure the UEM Agent to queue alerts if the trusted channel is not available.
Additional Identifiers
Rule ID: SV-234241r617354_rule
Vulnerability ID: V-234241
Group Title: SRG-APP-000358
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001851 |
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
| Number | Title |
|---|---|
| AU-4(1) |
Transfer to Alternate Storage |