The Sentry that provides intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52.

An XCCDF Rule

Description

<VulnDiscussion>SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks which exploit vulnerabilities in this protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251013r802261_rule
Severity: Medium
References: CCI-000068
Updated: about 1 year ago

Configure the Sentry to comply with applicable required TLS settings in NIST PUB SP 800-52.

1. Log in to MobileIron Sentry.
2. Go to Settings >> Services >> Sentry.
3. For each of the following configurations, follow the step 4 procedure: 
     a. Incoming SSL configuration     b. Outgoing SSL configuration
     c. UEM SSL configuration
     d. Access SSL configuration
4. Select only TLS 1.2 and remove others if selected.
5. Click "Apply".

The Sentry that provides intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52.

Description

Remediation - Manual Procedure