Unified Endpoint Management Server SRG Version Comparison

There are 5 differences between versions v2 r1 (July 24, 2024) (the "left" version) and v2 r3 (Jan. 30, 2025) (the "right" version).

Check SRG-APP-000191-UEM-000117 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The UEM server must be configured to provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS].

Check Content

Verify the UEM server provides a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS]. If the UEM server does not provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS], this is a finding.

Discussion

Examples of authorized IT entities: audit server, Active Directory, software update server, and database server. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are activities conducted by individuals communicating through either an external network (e.g., the internet) or an internal network. Satisfies: FTP_ITC.1.1(1) Refinement Reference: PP-MDM-412062

Fix

Configure the UEM server to provide a trusted communication channel between itself and authorized IT entities using [selection: -IPsec, -SSH, -mutually authenticated TLS, -mutually authenticated DTLS, -HTTPS].