The UEM server must disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or non-secure.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-234526	SRG-APP-000383	SRG-APP-000383-UEM-000254	SV-234526r961470_rule	2024-12-09	2

Description
Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. Examples include unneeded listening ports. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure. Satisfies:FMT_SMF.1.1(2) Refinement b Reference:PP-MDM-431006

Description

Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. Examples include unneeded listening ports. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure. Satisfies:FMT_SMF.1.1(2) Refinement b Reference:PP-MDM-431006

ℹ️ Check
Verify the UEM server disables organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or non-secure. If the UEM server does not disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or non-secure, this is a finding.

✔️ Fix
Configure the UEM server to disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or non-secure.