|Finding ID||Version||Rule ID||IA Controls||Severity|
|All ports, protocols, and services used on DoD networks must be approved and registered via the DoD PPSM process. This ensures that a risk assessment has been completed, and approval granted by the proper DoD authorities, before a new port, protocol, or service is configured on a DoD network. Otherwise, the new port, protocol, or service could introduce a vulnerability into the DoD network, which could be exploited by an adversary. SFR ID: FMT_SMF.1.1(2) b|
|BlackBerry UEM 12.10 MDM Security Technical Implementation Guide||2019-02-19|
|Check Text (C-90961r1_chk)|
|Ask the MDM administrator for a list of ports, protocols, and services that have been configured on the host-based firewall of the MDM server or generate the list by inspecting the firewall.
Verify all allowed ports, protocols, and services are included on the DoD PPSM CAL list.
If any allowed ports, protocols, and services on the MDM host-based firewall are not included on the DoD PPSM CAL list, this is a finding.|
|Fix Text (F-98005r1_fix)|
|Turn off any ports, protocols, and services on the MDM host-based firewall that are not on the DoD PPSM CAL list.|