Check: SRG-APP-000142-UEM-000080
Unified Endpoint Management Server SRG:
SRG-APP-000142-UEM-000080
(in versions v2 r3 through v1 r1)
Title
The firewall protecting the UEM server platform must be configured so only DoD-approved ports, protocols, and services are enabled. (See the DoD Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoD-approved ports, protocols, and services). (Cat II impact)
Discussion
All ports, protocols, and services used on DoD networks must be approved and registered via the DoD PPSM process. This is to ensure a risk assessment has been completed before a new port, protocol, or service is configured on a DoD network and has been approved by proper DoD authorities. Otherwise, the new port, protocol, or service could cause a vulnerability to the DoD network, which could be exploited by an adversary. Satisfies:FMT_SMF.1.1(2) Refinement b Reference:PP-MDM-431006
Check Content
Verify the firewall protecting the UEM server platform is configured so that only DoD-approved ports, protocols, and services are enabled. (See the DoD PPSM CAL list for DoD-approved ports, protocols, and services). If the firewall protecting the UEM server platform is not configured so that only DoD-approved ports, protocols, and services are enabled, this is a finding.
Fix Text
Configure the firewall protecting the UEM server platform so that only DoD-approved ports, protocols, and services are enabled. (See the DoD PPSM CAL list for DoD-approved ports, protocols, and services).
Additional Identifiers
Rule ID: SV-234353r1043177_rule
Vulnerability ID: V-234353
Group Title: SRG-APP-000142
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000382 |
Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services. |
Controls
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |