STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Unified Endpoint Management Server Security Requirements Guide

V-234521

CAT II (Medium)

The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

Rule ID

SV-234521r985771_rule

STIG

Unified Endpoint Management Server Security Requirements Guide

Version

V2R4

CCIs

CCI-003980

Discussion

If the application install policy is not enforced, malicious applications and vulnerable applications can be installed on managed mobile devices, which could compromise DOD data. Satisfies:FMT_MOF.1.1(3) Reference:PP-MDM-423206

Check Content

Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding.

Fix Text

Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.