UCF STIG Viewer Logo

Applications involved in the production, control, and distribution of asymmetric cryptographic keys must use approved PKI Class 3 certificates or prepositioned keying material.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35609 SRG-APP-000194-AS-NA SV-46896r1_rule Medium
Description
Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. This requirement only addresses Class 3 certificates. CCI-001143 addresses both Class3 and Class 4 certificate usage. Class 4 certificates are used for "business to business" certificates which includes web service oriented applications. This requirement is NA, will use CCI-001143 as it covers both classes of certificates and addresses AS functionality and capability better.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43952r1_chk )
The requirement is NA for the AS SRG.
Fix Text (F-40150r2_fix)
The requirement is NA. No fix is required.