← Back to Unified Endpoint Management Server Security Requirements Guide

V-264369

CAT I (High)

The UEM server, for each unique policy managed, must validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent] associated with a policy signing key uniquely associated with the policy.

Rule ID

SV-264369r985781_rule

STIG

Unified Endpoint Management Server Security Requirements Guide

Version

V2R4

CCIs

CCI-002470

Discussion

It is critical that the UEM server sign all policy updates with validated certificate or private keys. Otherwise, there is no assurance that a malicious actor has not inserted itself in the process of packaging the code or policy. This requirement focuses on communications protection for the application session rather than for the network packet. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and service-oriented architectures (SOAs). Satisfies: FMT_POL_EXT.1.3 Reference: PP-MDM-411071

Check Content

Verify the UEM server, for each unique policy managed, validates the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy].

If the UEM server does not validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy, this is a finding.

Fix Text

Configure the IUEM server, for each unique policy managed, to validate the policy is appropriate for an agent using [selection: a private key associated with an X509 certificate representing the agent, a token issued by the agent and associated with a policy signing key uniquely associated with the policy].