STIGQter: STIG Summary: Unified Endpoint Management Server Security Requirements Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

When the UEM server cannot establish a connection to determine the validity of a certificate, the server must be configured not to have the option to accept the certificate.

DISA Rule

SV-234379r617355_rule

Vulnerability Number

V-234379

Group Title

SRG-APP-000175

Rule Version

SRG-APP-000175-UEM-000106

Severity

CAT II

CCI(s)

• CCI-000185 - The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.

Weight

10

Fix Recommendation

Configure the UEM server to not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.

Check Contents

Verify the UEM server does not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.

If the UEM server automatically accepts a certificate when it cannot establish a connection to determine the validity of a certificate, this is a finding.

Vulnerability Number

V-234379

Documentable

False

Rule Version

SRG-APP-000175-UEM-000106

Severity Override Guidance

Verify the UEM server does not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.

If the UEM server automatically accepts a certificate when it cannot establish a connection to determine the validity of a certificate, this is a finding.

Check Content Reference

M

Target Key

5269

Comments