The UEM Agent must not install policies if the policy-signing certificate is deemed invalid.

An XCCDF Rule

Details
Profiles

Description

It is critical that the UEM agent only use validated certificates for policy updates. Otherwise, there is no assurance that a malicious actor has not inserted itself in the process of packaging the code or policy. Satisfies: FMT_POL_EXT.2.2

ID: SV-234239r617354_rule
Version: SRG-APP-000175-UEM-100008
Severity: Medium
References: CCI-000185
Updated: about 2 months ago

Remediation Templates

Configure the UEM Agent to not install policies if the policy-signing certificate is deemed invalid.

The UEM Agent must not install policies if the policy-signing certificate is deemed invalid.

Description

Remediation Templates

A Manual Procedure