The Ivanti EPMM server must configure web management tools with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251416 | IMIC-11-010000 | SV-251416r1004743_rule | CCI-003123 | high |
| Description | ||||
| Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Nonlocal maintenance and diagnostic activities are activities conducted by individuals communicating through either an external network (e.g., the internet) or an internal network. | ||||
| STIG | Date | |||
| Ivanti EPMM Server Security Technical Implementation Guide | 2024-07-30 | |||
Details
Check Text (C-251416r1004743_chk)
Verify MobileIron Core is in FIPS mode.
ssh to command line console of the Core. Enable >> show fips. Verify FIPS mode is configured.
If FIPS mode is not configured, this is a finding.
Fix Text (F-54804r806379_fix)
Configure Core to be in FIPS mode.
ssh to command line console of the Core. Enable >> show fips. Configure fips >> reload.