STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 1 hour ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

Omnissa WS1 UEM Server Security Technical Implementation Guide

Version

V1R1

Release Date

Jun 15, 2026

SCAP Benchmark ID

Omnissa_WS1_UEM_Server_STIG

Total Checks

15

Tags

other
CAT I: 0CAT II: 15CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of War (DoW) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (15)

V-284249MEDIUMThe Omnissa WS1 UEM server must limit the number of concurrent sessions per privileged user account to three or less concurrent sessions.V-284251MEDIUMThe Omnissa WS1 UEM server must initiate a session lock after a 15-minute period of inactivity.V-284254MEDIUMThe Omnissa WS1 UEM server must be configured to use a directory service for centralized account management.V-284260MEDIUMThe Omnissa WS1 UEM server must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.V-284275MEDIUMThe UEM SRG must alert the information system security officer and system administrator (at a minimum) in the event of an audit processing failure.V-284282MEDIUMThe firewall protecting the Omnissa WS1 UEM server platform must be configured so only DoW-approved ports, protocols, and services are enabled. (Refer to the DoW Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoW-approved ports, protocols, and services).V-284284MEDIUMThe Omnissa WS1 UEM server must be configured to require a One-Time Password (OTP) or Short Message Service (SMS) two-factor authentication for local accounts.V-284305MEDIUMThe Omnissa WS1 UEM server must be configured to transfer Omnissa WS1 UEM server logs to another server for storage, analysis, and reporting. Note: Omnissa WS1 UEM server logs include logs of UEM events and logs transferred to the Omnissa WS1 UEM server by UEM agents of managed devices.V-284306MEDIUMThe Omnissa WS1 UEM server must be configured to record time stamps for audit records in Coordinated Universal Time (UTC).V-284320MEDIUMThe Omnissa WS1 UEM server must be configured with the periodicity of the following commands to the agent of six hours or less: - Query connectivity status. - Query the current version of the managed device firmware/software. - Query the current version of installed mobile applications. - Read audit logs kept by the managed device.V-284349MEDIUMThe Omnissa WS1 UEM server must enforce a minimum 15-character password length.V-284350MEDIUMThe Omnissa WS1 UEM server must prohibit password reuse for a minimum of five generations.V-284351MEDIUMThe Omnissa WS1 UEM server must enforce password complexity by requiring at least one uppercase character to be used.V-284354MEDIUMThe Omnissa WS1 UEM server must enforce a 60-day maximum password lifetime restriction.V-284358MEDIUMThe Omnissa WS1 UEM server must be configured to have at least one user in defined administrator roles.