STIGQter: STIG Summary: Unified Endpoint Management Server Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

The UEM server must use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts.

DISA Rule

SV-234363r617407_rule

Vulnerability Number

V-234363

Group Title

SRG-APP-000156

Rule Version

SRG-APP-000156-UEM-000090

Severity

CAT I

CCI(s)

• CCI-001941 - The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

Weight

10

Fix Recommendation

Configure the UEM server to use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts.

Check Contents

Requirement is Not Applicable when UEM server is configured to use DoD Central Directory Service for administrator account authentication.

Verify the UEM server uses FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts.

If the UEM server does not use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts, this is a finding.

Vulnerability Number

V-234363

Documentable

False

Rule Version

SRG-APP-000156-UEM-000090

Severity Override Guidance

Requirement is Not Applicable when UEM server is configured to use DoD Central Directory Service for administrator account authentication.

Verify the UEM server uses FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts.

If the UEM server does not use FIPS-validated SHA-2 or higher hash function to provide replay-resistant authentication mechanisms for network access to privileged accounts, this is a finding.

Check Content Reference

M

Target Key

5269

Comments