STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Unified Endpoint Management Server Security Requirements Guide

V-234379

CAT II (Medium)

When the UEM server cannot establish a connection to determine the validity of a certificate, the server must be configured not to have the option to accept the certificate.

Rule ID

SV-234379r961038_rule

STIG

Unified Endpoint Management Server Security Requirements Guide

Version

V2R4

CCIs

CCI-000185

Discussion

When an UEM server accepts an unverified certificate, it may be trusting a malicious actor. For example, messages signed with an invalid certificate may contain links to malware, which could lead to the installation or distribution of that malware on DoD information systems, leading to compromise of DoD sensitive information and other attacks. Satisfies:FIA_X509_EXT.2.2 Reference:PP-MDM-412003

Check Content

Verify the UEM server does not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.

If the UEM server automatically accepts a certificate when it cannot establish a connection to determine the validity of a certificate, this is a finding.

Fix Text

Configure the UEM server to not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.