Rule ID
SV-251013r802261_rule
Version
V1R1
CCIs
SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks which exploit vulnerabilities in this protocol.
Verify the Sentry is configured to implement the applicable required TLS settings in NIST PUB SP 800-52.
1. Log in to MobileIron Sentry.
2. Go to Settings >> Services >> Sentry.
3. For each of the following configurations, follow the step 4 procedure:
a. Incoming SSL configuration
b. Outgoing SSL configuration
c. UEM SSL configuration
d. Access SSL configuration
4. Verify only TLS 1.2 is selected.
If any other protocol is selected, this is a finding.
For more information, go to the "MobileIron Sentry 9.8.0 guide for Core" and refer the main section "Standalone Sentry Settings", which includes subsections on how TLS 1.2 is set as the default protocol:
1. Incoming SSL configuration
2. Outgoing SSL configuration
3. UEM SSL configuration
4. Access SSL configuration
MobileIron Sentry conforms to the NIST SP 800-52 TLS settings by setting TLS 1.2 by default.Configure the Sentry to comply with applicable required TLS settings in NIST PUB SP 800-52.
1. Log in to MobileIron Sentry.
2. Go to Settings >> Services >> Sentry.
3. For each of the following configurations, follow the step 4 procedure:
a. Incoming SSL configuration
b. Outgoing SSL configuration
c. UEM SSL configuration
d. Access SSL configuration
4. Select only TLS 1.2 and remove others if selected.
5. Click "Apply".