Title

The UEM server, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. (Cat II impact)

Discussion

Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).

Check Content

Verify the UEM server, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If the UEM server, for PKI-based authentication, does not implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, this is a finding.

Fix Text

Configure the UEM server to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network for PKI-based authentication.

Additional Identifiers

Rule ID: SRG-APP-000401-UEM-000272_rule

Vulnerability ID: SRG-APP-000401-UEM-000272

Group Title: SRG-APP-000401-UEM-000272

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.