STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Unified Endpoint Management Agent Security Requirements Guide

V-234239

CAT II (Medium)

The UEM Agent must not install policies if the policy-signing certificate is deemed invalid.

Rule ID

SV-234239r961038_rule

STIG

Unified Endpoint Management Agent Security Requirements Guide

Version

V2R1

CCIs

CCI-000185

Discussion

It is critical that the UEM agent only use validated certificates for policy updates. Otherwise, there is no assurance that a malicious actor has not inserted itself in the process of packaging the code or policy. Satisfies: FMT_POL_EXT.2.2

Check Content

Verify the UEM Agent does not install policies if the policy-signing certificate is deemed invalid.

If the UEM Agent installs policies when the policy-signing certificate is deemed invalid, this is a finding.

Fix Text

Configure the UEM Agent to not install policies if the policy-signing certificate is deemed invalid.