The firewall protecting the Omnissa WS1 UEM server platform must be configured so only DoW-approved ports, protocols, and services are enabled. (Refer to the DoW Ports, Protocols, Services Management [PPSM] Category Assurance Levels [CAL] list for DoW-approved ports, protocols, and services).

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
mediumV-284282SRG-APP-000142-UEM-000080OMW1-00-003700SV-284282r1224025_rule2026-06-151

Description

All ports, protocols, and services used on DoW networks must be approved and registered via the DoW PPSM process. This is to ensure a risk assessment has been completed before a new port, protocol, or service is configured on a DoW network and has been approved by proper DoW authorities. Otherwise, the new port, protocol, or service could cause a vulnerability to the DoW network, which could be exploited by an adversary. Satisfies: FMT_SMF.1.1(2) Refinement b Reference: PP-MDM-431006

ℹ️ Check

Review the MDM server platform configuration to determine whether a DoW-approved firewall is installed or if the platform operating system provides a firewall service that can restrict both inbound and outbound traffic by Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port and Internet Protocol (IP) address. If there is not a host-based firewall present on the MDM server platform, or if it is not configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, this is a finding.

✔️ Fix

Install and configure a DoW-approved firewall to protect the network segment on which the Workspace ONE UEM server is installed.