The designer will ensure private keys are accessible only to administrative users.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-16789	APP3180	SV-17789r1_rule	ECCD-1	Medium

Description
If private keys are accessible to non-administrative users, these users could potentially read and use the private keys to unencrypt stored or transmitted sensitive data used by the application.

STIG	Date
Application Security and Development STIG	2014-04-03

Details

Check Text ( C-17775r1_chk )
Interview the application representative and determine the keys resident on application servers (including X.509 certificates). For the purposes of this checklist, no more than 20 keys need to be examined. Based on the number of keys in the inventory, determine if all of the keys will be examined, or just a sample. If a sample will be selected, choose keys of a variety of types (certificate of a certificate authority, certificate of a user, private key of a user, etc.). No user or process should be able to write to any file containing keys. If keys need to be replaced or added, permissions can be changed temporarily for those events. 1) If any privileged or non-privileged user or application process has write permissions to a file containing cryptographic keys, it is a finding. Determine if when keys are read, that transaction occurs under the security context of a user account, or of the application process (which would perform the transaction on behalf of the user). Ensure that read permissions are granted only to the account(s) that must know the key to make the application function. If any user groups are granted read permissions, check that the members of these groups contain only the users that require knowledge of the key. 2) If any user accounts have read (or greater) permissions to a private or secret key, which do not require such permissions, it is a finding. 3) If any group with read permissions contains a user that does not require such permissions, it is a finding.

Check Text ( C-17775r1_chk )

Interview the application representative and determine the keys resident on application servers (including X.509 certificates). For the purposes of this checklist, no more than 20 keys need to be examined. Based on the number of keys in the inventory, determine if all of the keys will be examined, or just a sample. If a sample will be selected, choose keys of a variety of types (certificate of a certificate authority, certificate of a user, private key of a user, etc.). No user or process should be able to write to any file containing keys. If keys need to be replaced or added, permissions can be changed temporarily for those events.

1) If any privileged or non-privileged user or application process has write permissions to a file containing cryptographic keys, it is a finding.

Determine if when keys are read, that transaction occurs under the security context of a user account, or of the application process (which would perform the transaction on behalf of the user). Ensure that read permissions are granted only to the account(s) that must know the key to make the application function. If any user groups are granted read permissions, check that the members of these groups contain only the users that require knowledge of the key.

2) If any user accounts have read (or greater) permissions to a private or secret key, which do not require such permissions, it is a finding.

3) If any group with read permissions contains a user that does not require such permissions, it is a finding.

Fix Text (F-17005r1_fix)
Remove excessive permissions on private keys.