Title

The UEM server must run a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server. (Cat II impact)

Discussion

Without verification, security functions may not operate correctly and this failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications, such as lights. This requirement applies to applications performing security functions and the applications performing security function verification/testing. Satisfies:FPT_TST_EXT.1.1

Check Content

Verify the UEM server runs a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server. If the UEM server does not run a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server, this is a finding.

Fix Text

Configure the UEM server to run a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server.

Additional Identifiers

Rule ID: SV-234623r961734_rule

Vulnerability ID: V-234623

Group Title: SRG-APP-000473

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.