
The DBN-6300 must obtain its public key certificates from an appropriate certificate policy through an approved service provider.


Overview

Finding ID: V-77023
Version: DBNW-DM-000141
Rule ID: SV-91719r1_rule
IA Controls:
Severity: Medium
Description
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice. Self-signed certificates are not allowed.
STIG: DBN-6300 NDM Security Technical Implementation Guide
Date: 2017-09-15

Details

Check Text (C-76649r1_chk)
Verify that the Public Key Certificate is installed and has been obtained from an appropriate certificate policy through an approved service provider.

Navigate to the CLI and verify that there is a registry entry similar to the one below:

Reg set /sysconfig/tls/trustedcas EOF
(enter/paste certificate here)
EOF

If an entry is not found in the registry with the appropriate certificate, this is a finding.

Fix Text (F-83719r1_fix)
Verify that the Public Key Certificate is installed and has been obtained from an appropriate certificate policy through an approved service provider.

Set the trusted-ca variable within the DBN-6300 through the CLI.

This value is set with the following registry entry in the CLI:

Reg set /sysconfig/tls/trustedcas EOF
(enter/paste certificate here)
EOF