STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Unified Endpoint Management Server Security Requirements Guide

V-234521

CAT II (Medium)

The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

Rule ID

SV-234521r985771_rule

STIG

Unified Endpoint Management Server Security Requirements Guide

Version

V2R4

CCIs

CCI-003980

Discussion

If the application install policy is not enforced, malicious applications and vulnerable applications can be installed on managed mobile devices, which could compromise DOD data. Satisfies:FMT_MOF.1.1(3) Reference:PP-MDM-423206

Check Content

Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding.

Fix Text

Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.