The Ivanti EPMM server must configure web management tools with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-251416 | SRG-APP-000412-UEM-000283 | IMIC-11-010000 | SV-251416r1004743_rule | 2024-07-30 | 3 |
| Description |
|---|
| Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are activities conducted by individuals communicating through either an external network (e.g., the internet) or an internal network. |
| ℹ️ Check |
|---|
| Verify MobileIron Core is in FIPS mode. ssh to command line console of the Core. Enable >> show fips. Verify FIPS mode is configured. If FIPS mode is not configured, this is a finding. |
| ✔️ Fix |
|---|
| Configure Core to be in FIPS mode. ssh to command line console of the Core. Enable >> show fips. Configure fips >> reload. |