Check: SRG-APP-000427-UEM-000500
Unified Endpoint Management Server SRG:
SRG-APP-000427-UEM-000500
(in versions v2 r3 through v1 r2)
Title
The UEM server must provide digitally signed policies and policy updates to the UEM agent. (Cat I impact)
Discussion
It is critical that the UEM server sign all policy updates with validated certificates. Otherwise, there is no assurance that a malicious actor has not inserted itself in the process of packaging the code or policy. Satisfies: FMT_POL_EXT.1.1
Check Content
Verify the UEM server is signing all policy updates sent to the UEM Agent with validated certificates. If the UEM server is not signing all policy updates sent to the UEM Agent with validated certificates, this is a finding.
Fix Text
Configure the UEM server to sign all policy updates sent to the UEM Agent with validated certificates.
Additional Identifiers
Rule ID: SV-256892r985785_rule
Vulnerability ID: V-256892
Group Title: SRG-APP-000427
CCIs
Number | Definition
---|---
CCI-002470 | Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.
Controls
Number | Title
---|---
SC-23(5) | Allowed Certificate Authorities