UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network element must validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000164-FW-NA SRG-NET-000164-FW-NA SRG-NET-000164-FW-NA_rule Medium
Description
A trust anchor is an authoritative entity represented via a public key. Within a chain of trust, the top entity to be trusted is the "root certificate" or "trust anchor" such as a Certification Authority (CA). A certification path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted CA. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted. This is the role of the authentication server, VPN server, or remote access server.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000164-FW-NA_chk )
This requirement is NA for firewall. No fix required.
Fix Text (F-SRG-NET-000164-FW-NA_fix)
This requirement is NA for firewall. No fix required.