Ivanti EPMM Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Ivanti EPMM server must be configured to use a DoD Central Directory Service to provide multifactor authentication for network access to privileged and non-privileged accounts.
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromise...Rule Medium Severity -
SRG-APP-000164-UEM-000094
Group -
SRG-APP-000165-UEM-000095
Group -
The Ivanti EPMM server must prohibit password reuse for a minimum of four generations.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need to...Rule Medium Severity -
SRG-APP-000166-UEM-000096
Group -
The Ivanti EPMM server must enforce password complexity by requiring that at least one uppercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000167-UEM-000097
Group -
The Ivanti EPMM server must enforce password complexity by requiring that at least one lowercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000168-UEM-000098
Group -
The Ivanti EPMM server must enforce password complexity by requiring that at least one numeric character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000169-UEM-000099
Group -
SRG-APP-000179-UEM-000110
Group -
SRG-APP-000295-UEM-000169
Group -
The Ivanti EPMM server must automatically terminate a user session after an organization-defined period of user inactivity.
Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i....Rule Medium Severity -
SRG-APP-000358-UEM-000228
Group -
The Ivanti EPMM server must be configured to transfer Ivanti EPMM server logs to another server for storage, analysis, and reporting. Note: Ivanti EPMM server logs include logs of UEM events and logs transferred to the Ivanti EPMM server by UEM agents of managed devices.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. No...Rule Medium Severity -
SRG-APP-000412-UEM-000283
Group -
The Ivanti EPMM server must configure web management tools with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are act...Rule High Severity -
SRG-APP-000427-UEM-000298
Group -
SRG-APP-000456-UEM-000330
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.