| V-284249 | | The Omnissa WS1 UEM server must limit the number of concurrent sessions per privileged user account to three or less concurrent sessions. | Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allow... |
| V-284251 | | The Omnissa WS1 UEM server must initiate a session lock after a 15-minute period of inactivity. | A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information syst... |
| V-284254 | | The Omnissa WS1 UEM server must be configured to use a directory service for centralized account management. | Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk o... |
| V-284260 | | The Omnissa WS1 UEM server must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, ... |
| V-284275 | | The UEM SRG must alert the information system security officer and system administrator (at a minimum) in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notificatio... |
| V-284282 | | The firewall protecting the Omnissa WS1 UEM server platform must be configured so only DoW-approved ports, protocols, and services are enabled. (Refer to the DoW Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoW-approved ports, protocols, and services). | All ports, protocols, and services used on DoW networks must be approved and registered via the DoW PPSM process. This is to ensure a risk assessment ... |
| V-284284 | | The Omnissa WS1 UEM server must be configured to require a One-Time Password (OTP) or Short Message Service (SMS) two-factor authentication for local accounts. | DoW sites may implement one "break-glass" WS1 UEM local account for the purpose of server recovery. This account must use two-factor authentication t... |
| V-284305 | | The Omnissa WS1 UEM server must be configured to transfer Omnissa WS1 UEM server logs to another server for storage, analysis, and reporting.
Note: Omnissa WS1 UEM server logs include logs of UEM events and logs transferred to the Omnissa WS1 UEM server by UEM agents of managed devices. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
Off-loading is a common process in information... |
| V-284306 | | The Omnissa WS1 UEM server must be configured to record time stamps for audit records in Coordinated Universal Time (UTC). | If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis.
Time stamps genera... |
| V-284320 | | The Omnissa WS1 UEM server must be configured with the periodicity of the following commands to the agent of six hours or less:
- Query connectivity status.
- Query the current version of the managed device firmware/software.
- Query the current version of installed mobile applications.
- Read audit logs kept by the managed device. | Without verification, security functions may not operate correctly and this failure may go unnoticed.
Security function is defined as the hardware... |
| V-284349 | | The Omnissa WS1 UEM server must enforce a minimum 15-character password length. | The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
Password complex... |
| V-284350 | | The Omnissa WS1 UEM server must prohibit password reuse for a minimum of five generations. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
To me... |
| V-284351 | | The Omnissa WS1 UEM server must enforce password complexity by requiring at least one uppercase character to be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-284354 | | The Omnissa WS1 UEM server must enforce a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals.
One method of minim... |
| V-284358 | | The Omnissa WS1 UEM server must be configured to have at least one user in defined administrator roles. | Having several administrative roles for the UEM server supports separation of duties. This allows administrator-level privileges to be granted granula... |