Check: SRG-APP-000378-UEM-000249
Unified Endpoint Management Server SRG:
SRG-APP-000378-UEM-000249
(in versions v2 r3 through v1 r1)
Title
The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. (Cat II impact)
Discussion
If the application install policy is not enforced, malicious applications and vulnerable applications can be installed on managed mobile devices, which could compromise DOD data. Satisfies:FMT_MOF.1.1(3) Reference:PP-MDM-423206
Check Content
Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding.
Fix Text
Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.
Additional Identifiers
Rule ID: SV-234521r985771_rule
Vulnerability ID: V-234521
Group Title: SRG-APP-000378
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-003980 |
Allow user installation of software only with explicit privileged status. |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check |