Check: SRG-APP-000479-UEM-000354
Unified Endpoint Management Server SRG: SRG-APP-000479-UEM-000354 (in versions v2 r3 through v1 r1)
Title
The UEM server must be configured to verify software updates to the server using a digital signature mechanism prior to installing those updates. (Cat II impact)
Discussion
Unauthorized modifications to software or firmware may be indicative of a sophisticated, targeted cyber-attack. Cryptographic authentication includes, for example, verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code. Satisfies: FPT_TUD_EXT.1.3
Check Content
Verify the UEM server verifies software updates to the server using a digital signature mechanism prior to installing those updates. If the UEM server does not verify software updates to the server using a digital signature mechanism prior to installing those updates, this is a finding.
Fix Text
Configure the UEM server to verify software updates to the server using a digital signature mechanism prior to installing those updates.
Additional Identifiers
Rule ID: SV-234629r961752_rule
Vulnerability ID: V-234629
Group Title: SRG-APP-000479
CCIs
Number | Definition |
---|---|
CCI-002740 | Implement cryptographic mechanisms to authenticate organization-defined software or firmware components prior to installation. |
Controls
Number | Title |
---|---|
SI-7(15) | Code Authentication |