Skip to content

When the UEM server cannot establish a connection to determine the validity of a certificate, the server must be configured not to have the option to accept the certificate.

An XCCDF Rule

Description

<VulnDiscussion>When an UEM server accepts an unverified certificate, it may be trusting a malicious actor. For example, messages signed with an invalid certificate may contain links to malware, which could lead to the installation or distribution of that malware on DoD information systems, leading to compromise of DoD sensitive information and other attacks. Satisfies:FIA_X509_EXT.2.2 Reference:PP-MDM-412003</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-234379r879612_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the UEM server to not automatically accept a certificate when it cannot establish a connection to determine the validity of a certificate.