STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← CM-6 (1) — Configuration Settings

CCI-000370

Definition

Manage configuration settings for organization-defined system components using organization-defined automated mechanisms.

Parent Control

CM-6 (1)Configuration SettingsConfiguration Management

Linked STIG Checks (143)

V-254578CAT IIIApple iOS/iPadOS 16 must allow the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254580CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (iCloud document and data synchronization).Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254581CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (iCloud Keychain).Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254582CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (My Photo Stream).Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254583CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254584CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (managed applications data stored in iCloud).Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254586CAT IIApple iOS/iPadOS 16 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254607CAT IIIApple iOS/iPadOS 16 must implement the management setting: limit Ad Tracking.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254608CAT IIIApple iOS/iPadOS 16 must implement the management setting: Not allow automatic completion of Safari browser passcodes.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254609CAT IIApple iOS/iPadOS 16 must implement the management setting: Encrypt iTunes backups/Encrypt local backup.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254610CAT IIIApple iOS/iPadOS 16 must implement the management setting: not allow use of Handoff.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254612CAT IIApple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254614CAT IiPhone and iPad must have the latest available iOS/iPadOS operating system installed.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254616CAT IIApple iOS/iPadOS 16 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 16 Mail app.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254618CAT IIIApple iOS/iPadOS 16 must implement the management setting: Not have any Family Members in Family Sharing.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254621CAT IIApple iOS/iPadOS 16 users must complete required training.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254623CAT IIApple iOS/iPadOS 16 must implement the management setting: Enable USB Restricted Mode.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254624CAT IIIApple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254625CAT IIIApple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254626CAT IIIApple iOS/iPadOS 16 must implement the management setting: Disable AirDrop.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254627CAT IIApple iOS/iPadOS 16 must implement the management setting: Disable paired Apple Watch.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254628CAT IIApple iOS/iPadOS 16 must disable Password AutoFill in browsers and applications.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254629CAT IIApple iOS/iPadOS 16 must disable allow setting up new nearby devices.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254630CAT IIApple iOS/iPadOS 16 must disable password proximity requests.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254631CAT IIApple iOS/iPadOS 16 must disable password sharing.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254632CAT IIIApple iOS/iPadOS 16 must disable Find My Friends in the Find My app.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254633CAT IIThe Apple iOS/iPadOS 16 must be supervised by the MDM.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254634CAT IIApple iOS/iPadOS 16 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254637CAT IIApple iOS/iPadOS 16 must disable "Allow network drive access in Files access".Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254638CAT IIApple iOS/iPadOS 16 must disable connections to Siri servers for the purpose of dictation.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254639CAT IIApple iOS/iPadOS 16 must disable connections to Siri servers for the purpose of translation.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254640CAT IIApple iOS/iPadOS 16 must disable copy/paste of data from managed to unmanaged applications.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-250919CAT IIIApple iOS/iPadOS 15 must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250927CAT IIApple iOS/iPadOS 15 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.Apple iOS/iPadOS 15 Security Technical Implementation Guide V-257104CAT IIApple iOS/iPadOS 16 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257105CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (managed applications data stored in iCloud).Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257121CAT IIApple iOS/iPadOS 16 must implement the management setting: Encrypt iTunes backups/Encrypt local backup.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257123CAT IiPhone and iPad must have the latest available iOS/iPadOS operating system installed.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257125CAT IIApple iOS/iPadOS 16 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 16 Mail app.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257128CAT IIApple iOS/iPadOS 16 users must complete required training.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257130CAT IIIApple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257131CAT IIIApple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257133CAT IIApple iOS/iPadOS 16 must disable copy/paste of data from managed to unmanaged applications.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-267937CAT IIIApple iOS/iPadOS 18 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].Apple iOS/iPadOS 18 Security Technical Implementation Guide V-268063CAT IIApple iOS/iPadOS 18 must have DOD root and intermediate PKI certificates installed.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-278697CAT IIIApple iOS/iPadOS 26 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278822CAT IIApple iOS/iPadOS 26 must have DOD root and intermediate PKI certificates installed.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-276374CAT IIIApple visionOS 2 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].Apple visionOS 2 Security Technical Implementation Guide V-276413CAT IIApple visionOS 2 must have DOD root and intermediate PKI certificates installed.Apple visionOS 2 Security Technical Implementation Guide V-282783CAT IIIApple visionOS 26 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].Apple visionOS 26 Security Technical Implementation Guide V-282823CAT IIApple visionOS 26 must have DOD root and intermediate PKI certificates installed.Apple visionOS 26 Security Technical Implementation Guide V-217376CAT IThe Arista Multilayer Switch must employ AAA service to centrally manage authentication settings.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255963CAT IThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.Arista MLS EOS 4.2x NDM Security Technical Implementation Guide V-255963CAT IThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-38752CAT IIBlackBerry PlayBook OS must employ mobile device management services to centrally manage IT PoliciesBlackBerry PlayBook OS V2.1 Security Technical Implementation Guide V-38753CAT IIBlackBerry PlayBook OS must employ mobile device management services to centrally manage email settingsBlackBerry PlayBook OS V2.1 Security Technical Implementation Guide V-38754CAT IIBlackBerry PlayBook OS must employ mobile device management services to centrally manage Wi-Fi profilesBlackBerry PlayBook OS V2.1 Security Technical Implementation Guide V-38755CAT IIBlackBerry PlayBook OS must employ mobile device management services to centrally manage VPN profilesBlackBerry PlayBook OS V2.1 Security Technical Implementation Guide V-255501CAT IIThe CA API Gateway must employ RADIUS + LDAPS or LDAPS to centrally manage authentication settings.CA API Gateway NDM Security Technical Implementation Guide V-271924CAT IThe Cisco APIC must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Cisco ACI NDM Security Technical Implementation Guide V-239940CAT IThe Cisco ASA must be configured to use at least two authentication servers to authenticate users prior to granting administrative access.Cisco ASA NDM Security Technical Implementation Guide V-215709CAT IThe Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Cisco IOS Router NDM Security Technical Implementation Guide V-220617CAT IThe Cisco switch must be configured to use at least two authentication servers to authenticate users prior to granting administrative access.Cisco IOS Switch NDM Security Technical Implementation Guide V-215854CAT IThe Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220565CAT IThe Cisco switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216544CAT IThe Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Cisco IOS XR Router NDM Security Technical Implementation Guide V-242633CAT IIThe Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.Cisco ISE NDM Security Technical Implementation Guide V-220513CAT IThe Cisco switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Cisco NX OS Switch NDM Security Technical Implementation Guide V-255584CAT IIAccounts for device management must be configured on the authentication server and not the network device itself, except for the account of last resort.DBN-6300 NDM Security Technical Implementation Guide V-269789CAT IThe Dell OS10 Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.Dell OS10 Switch NDM Security Technical Implementation Guide V-270643CAT IThe Dell OS10 Switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Dell OS10 Switch NDM Security Technical Implementation Guide V-217420CAT IIThe BIG-IP appliance must be configured to employ automated mechanisms to centrally manage authentication settings.F5 BIG-IP Device Management Security Technical Implementation Guide V-266079CAT IThe F5 BIG-IP appliance must be configured to use at least two authentication servers to authenticate administrative users.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-255632CAT IIAdministrative accounts for device management must be configured on the authentication server and not the network device itself (except for the account of last resort).ForeScout CounterACT NDM Security Technical Implementation Guide V-230952CAT IIForescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.Forescout Network Device Management Security Technical Implementation Guide V-234192CAT IIThe FortiGate device must use LDAP for authentication.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-258475CAT IIIGoogle Android 13 must prohibit DOD VPN profiles in the Personal Profile.Google Android 13 BYOAD Security Technical Implementation Guide V-258497CAT IIThe Google Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates (work profile).Google Android 13 BYOAD Security Technical Implementation Guide V-258406CAT IIThe Google Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Google Android 14 COBO Security Technical Implementation Guide V-258442CAT IIThe Google Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Google Android 14 COPE Security Technical Implementation Guide V-260082CAT IIGoogle Android 14 must prohibit DOD VPN profiles in the Personal Profile.Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-260174CAT IIThe Google Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates (work profile).Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-267463CAT IIThe Google Android 15 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Google Android 15 COBO Security Technical Implementation Guide V-269100CAT IGoogle Android 15 must be configured to disable "Private Space" use.Google Android 15 COBO Security Technical Implementation Guide V-267561CAT IIThe Google Android 15 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Google Android 15 COPE Security Technical Implementation Guide V-269101CAT IGoogle Android 15 must be configured to disable "Private Space" use.Google Android 15 COPE Security Technical Implementation Guide V-276781CAT IIGoogle Android 16 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Google Android 16 COBO Security Technical Implementation Guide V-276783CAT IGoogle Android 16 must be configured to disable "Private Space" use.Google Android 16 COBO Security Technical Implementation Guide V-276886CAT IIGoogle Android 16 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Google Android 16 COPE Security Technical Implementation Guide V-276888CAT IGoogle Android 16 must be configured to disable "Private Space" use.Google Android 16 COPE Security Technical Implementation Guide V-283425CAT IThe HPE Alletra Storage ArcusOS device must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-266970CAT IAOS must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-252197CAT IThe HPE Nimble must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.HPE Nimble Storage Array NDM Security Technical Implementation Guide V-268236CAT IThe HYCU virtual appliance must be configured to use at least two authentication servers for authenticating users prior to granting administration access.HYCU Protege Security Technical Implementation Guide V-274316CAT IIHoneywell Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Honeywell Android 13 COBO Security Technical Implementation Guide V-274412CAT IIHoneywell Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Honeywell Android 13 COPE Security Technical Implementation Guide V-235044CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to disable trust agents. NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235051CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to enable audit logging.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235053CAT IIThe Honeywell Android Pie must wipe all data upon unenrollment from MDM.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235056CAT IIThe Honeywell Mobility Edge Android Pie must allow only the administrator (MDM) to install/remove DoD root and intermediate PKI certificates.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235060CAT IIHoneywell Mobility Edge Android Pie devices must configured to disallow outgoing beam.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235072CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to disable trust agents. NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.Honeywell Android 9.x COPE Security Technical Implementation Guide V-235080CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to enable audit logging.Honeywell Android 9.x COPE Security Technical Implementation Guide V-235084CAT IIThe Honeywell Mobility Edge Android Pie must allow only the administrator (MDM) to install/remove DoD root and intermediate PKI certificates.Honeywell Android 9.x COPE Security Technical Implementation Guide V-235091CAT IIHoneywell Mobility Edge Android Pie devices must configured to disallow outgoing beam.Honeywell Android 9.x COPE Security Technical Implementation Guide V-65177CAT IIThe DataPower Gateway must employ automated mechanisms to centrally manage authentication settings.IBM DataPower Network Device Management Security Technical Implementation Guide V-255770CAT IIAdministrative accounts for device management must be configured on the authentication server and not the MQ Appliance network device itself (except for the emergency administration account).IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-258600CAT IThe ICS must be configured to prevent nonprivileged users from executing privileged functions.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253941CAT IThe Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217350CAT IThe Juniper router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Juniper Router NDM Security Technical Implementation Guide V-223206CAT IIThe Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-272199CAT IIThe Motorola Solutions Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Motorola Solutions Android 13 COBO Security Technical Implementation Guide V-272344CAT IIThe Motorola Solutions Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Motorola Solutions Android 13 COPE Security Technical Implementation Guide V-246940CAT IONTAP must be configured to use an authentication server to provide multifactor authentication.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202132CAT IThe network device must be configured to use at least one authentication server for the purpose of authenticating users prior to granting administrative access. For boundary devices, two authentication servers are required.Network Device Management Security Requirements Guide V-243144CAT IThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.Network WLAN AP-IG Management Security Technical Implementation Guide V-243162CAT IThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.Network WLAN AP-NIPR Management Security Technical Implementation Guide V-243180CAT IThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.Network WLAN Bridge Management Security Technical Implementation Guide V-243198CAT IThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.Network WLAN Controller Management Security Technical Implementation Guide V-273835CAT IThe RUCKUS ICX device must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.RUCKUS ICX NDM Security Technical Implementation Guide V-275461CAT IThe Riverbed NetIM must be configured to use an authentication server configured for multifactor authentication (MFA) using DOD PKI for the purpose of authenticating users prior to granting administrative access.Riverbed NetIM NDM Security Technical Implementation Guide V-256079CAT IThe Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.Riverbed NetProfiler Security Technical Implementation Guide V-256093CAT IThe Riverbed NetProfiler must be configured to use an authentication server to authenticate users prior to granting administrative access.Riverbed NetProfiler Security Technical Implementation Guide V-272525CAT IIISamsung Android 15 must prohibit DOD VPN profiles in the Personal Profile.Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-272609CAT IISamsung Android's Work environment must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-276537CAT IISamsung Android's Work profile must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android 16 COBO Security Technical Implementation Guide V-276643CAT IISamsung Android's Work profile must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android 16 COPE Security Technical Implementation Guide V-255131CAT IISamsung Android must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide V-255161CAT IISamsung Android's Work profile must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide V-268960CAT IISamsung Android's Work environment must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android OS 15 with Knox 3.x COBO Security Technical Implementation Guide V-269059CAT IISamsung Android's Work environment must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.Samsung Android OS 15 with Knox 3.x COPE Security Technical Implementation Guide V-279251CAT IThe Edge SWG must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Symantec Edge SWG NDM Security Technical Implementation Guide V-94683CAT IIAccounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.Symantec ProxySG NDM Security Technical Implementation Guide V-242254CAT IThe TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-265296CAT IThe NSX Manager must be configured to integrate with an identity provider that supports multifactor authentication (MFA).VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-251789CAT IThe NSX-T Manager must integrate with either VMware Identity Manager (vIDM) or VMware Workspace ONE Access.VMware NSX-T Manager NDM Security Technical Implementation Guide V-252860CAT IIZebra Android 11 must be configured to disable trust agents.Zebra Android 11 COBO Security Technical Implementation Guide V-252867CAT IIIZebra Android 11 must allow only the Administrator (EMM) to perform the following management function: Enable/disable location services.Zebra Android 11 COBO Security Technical Implementation Guide V-252868CAT IIZebra Android 11 must be configured to enable audit logging.Zebra Android 11 COBO Security Technical Implementation Guide V-252873CAT IIZebra Android 11 must allow only the administrator (EMM) to install/remove DoD root and intermediate PKI certificates.Zebra Android 11 COBO Security Technical Implementation Guide V-270172CAT IIThe Zebra Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Zebra Android 13 COPE Security Technical Implementation Guide V-283550CAT IIZebra Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Zebra Technologies Android 14 COBO Security Technical Implementation Guide V-283657CAT IIZebra Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates.Zebra Technologies Android 14 COPE Security Technical Implementation Guide