STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation Guide

V-251010

CAT II (Medium)

The Sentry must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

Rule ID

SV-251010r802252_rule

STIG

Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001414

Discussion

Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic. This requirement applies to the flow of information between the Sentry when used as a gateway or boundary device which allows traffic flow between interconnected networks of differing security policies. The Sentry and MobileIron UEM must be configured with policy filters (e.g., security policy and compliance rules) that restrict or block information system services.

Check Content

Verify the Sentry restricts or blocks harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on mobile device security posture reported by the MobileIron UEM.<br /><br />1. Log in to the Core Admin Portal.<br />2. Go to Policies and Configurations >> Policies. <br />3. Verify the appropriate Security Policies are applied to the devices accessing systems behind the Sentry.<br />4. Click "Edit".<br />5. In the Access Control section of the policy, verify the Block Email and AppConnect apps compliance action is selected for the "when a compromised device is detected" control for the iOS and Android device operating systems sections.<br />6. Click "Cancel".<br /><br />If "when a compromised device is detected" control for the iOS and Android device operating systems is not selected in the Access control section, this is a finding.

Fix Text

Configure the Sentry to restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

1. Log in to the Core Admin Portal.
2. Go to Policies and Configurations >> Policies. 
3. Ensure the appropriate Security Policies are applied to the devices accessing systems behind the Sentry.
4. Click "Edit".
5. In the Access Control section of the policy, select the Block Email and AppConnect apps compliance for the “when a compromised device is detected” control for the iOS and Android device operating systems sections. 
6. Click "Save".

Refer to the MobileIron Sentry 9.8.0 Guide on how to configure the specific Sentry Services.