STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Unified Endpoint Management Agent Security Requirements Guide

V-234239

CAT II (Medium)

The UEM Agent must not install policies if the policy-signing certificate is deemed invalid.

Rule ID

SV-234239r961038_rule

STIG

Unified Endpoint Management Agent Security Requirements Guide

Version

V2R1

CCIs

CCI-000185

Discussion

It is critical that the UEM agent only use validated certificates for policy updates. Otherwise, there is no assurance that a malicious actor has not inserted itself in the process of packaging the code or policy. Satisfies: FMT_POL_EXT.2.2

Check Content

Verify the UEM Agent does not install policies if the policy-signing certificate is deemed invalid.

If the UEM Agent installs policies when the policy-signing certificate is deemed invalid, this is a finding.

Fix Text

Configure the UEM Agent to not install policies if the policy-signing certificate is deemed invalid.