Check: SRG-APP-000401-UEM-000272
Unified Endpoint Management Server SRG: SRG-APP-000401-UEM-000272 (in versions v2 r3 through v1 r1)
Title
The UEM server, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. (Cat II impact)
Discussion
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
Check Content
Verify the UEM server, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If the UEM server, for PKI-based authentication, does not implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, this is a finding.
Fix Text
Configure the UEM server to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network for PKI-based authentication.
Additional Identifiers
Rule ID: SV-234544r985774_rule
Vulnerability ID: V-234544
Group Title: SRG-APP-000401
CCIs
Number | Definition |
---|---|
CCI-004068 | For public key-based authentication, implement a local cache of revocation data to support path discovery and validation. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |