The UEM server must be configured to only allow enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-234521	SRG-APP-000378-UEM-000249	SV-234521r985771_rule		Medium

Description

If the application install policy is not enforced, malicious applications and vulnerable applications can be installed on managed mobile devices, which could compromise DOD data. Satisfies:FMT_MOF.1.1(3) Reference:PP-MDM-423206

STIG	Date
Unified Endpoint Management Server Security Requirements Guide	2024-12-09

Details

Check Text (C-37706r851589_chk)

Verify the UEM server allows only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.

If the UEM server does not allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications, this is a finding.

Fix Text (F-37671r615207_fix)

Configure the UEM server to allow only enrolled devices that are compliant with UEM policies and assigned to a user in the application access group to download applications.