UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer and IAO will ensure PK-enabled applications are designed and implemented to use approved credentials authorized under the DoD PKI program.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6128 APP3290 SV-6128r1_rule IATS-1 IATS-2 Medium
Description
Using unapproved PKI certificates could allow access by non-DoD and unauthorized users.
STIG Date
Application Security and Development Checklist 2014-01-07

Details

Check Text ( C-2940r1_chk )
Policy:

The designer and IAO will ensure PK-enabled applications are designed and implemented to use approved credentials authorized under the DoD PKI program.

The IAO will ensure the PK-enabled applications are configured to honor only approved DoD PKI certificates.

If the application is not PK-enabled, this check is not applicable.

If the application resides on the SIPRNet and PKI infrastructure is unavailable, this check is not applicable.

Ask whether the application utilizes PKI certificates other than DoD PKI and External Certification Authority (ECA) certificates. Verify the certificate used in authentication in APP3280.

Internet Explorer can be used to view certificate information:
Select “Tools”
Select “Internet Options”
Select “Content” tab
Select “Certificates”
Select the certificate used for authentication:
Click “View”
Select “Details” tab
Select “Issuer”

If the application utilizes PKI certificates other than DoD PKI and ECA certificates, this is a finding.
Fix Text (F-17018r1_fix)
Configure the application to use approved DoD PKI certificates.