The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-234521 | SRG-APP-000378 | SRG-APP-000378-UEM-000249 | SV-234521r985771_rule | 2024-12-09 | 2 |
| Description |
|---|
| If the application install policy is not enforced, malicious applications and vulnerable applications can be installed on managed mobile devices, which could compromise DOD data. Satisfies:FMT_MOF.1.1(3) Reference:PP-MDM-423206 |
| ℹ️ Check |
|---|
| Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding. |
| ✔️ Fix |
|---|
| Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications. |