The Mission Owner of the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) must use valid DOD Online Certificate Status Protocol (OCSP) responders.


Overview

Finding ID: V-259871
Version: SRG-NET-000580-CLD-000075
Rule ID: SV-259871r945601_rule
IA Controls: (none listed)
Severity: Medium

Description
To provide assurances that certificates are validated by the correct responders, the Mission Owner must ensure they are using a valid DOD OCSP responder for remote system DOD Common Access Card (CAC) two-factor authentication of DOD privileged users to systems instantiated within the cloud service environment.

STIG: Cloud Computing Mission Owner Network Security Requirements Guide
Date: 2024-06-13

Details

Check Text (C-63602r945599_chk)
This applies to all Impact Levels.

If this is a Software as a Service (SaaS) implementation, this is not a finding.

Verify that a valid DOD OCSP responder is configured for the implemented systems/applications.

If the cloud IaaS/PaaS does not use an approved DOD OCSP responder, this is a finding.

Fix Text (F-63509r945600_fix)
This applies to all Impact Levels.
FedRAMP Moderate, High.

Configure the IaaS/PaaS to use an approved DOD OCSP responder.