
The network element must validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.


Overview

Finding ID: SRG-NET-000164-FW-NA
Version: SRG-NET-000164-FW-NA
Rule ID: SRG-NET-000164-FW-NA_rule
IA Controls: (none listed)
Severity: Medium
Description
A trust anchor is an authoritative entity represented via a public key. Within a chain of trust, the top entity to be trusted is the "root certificate" or "trust anchor", such as a Certification Authority (CA). A certification path starts with the subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted CA. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted. Performing this validation is the role of the authentication server, VPN server, or remote access server.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-000164-FW-NA_chk)
This requirement is NA for firewall. No fix required.
Fix Text (F-SRG-NET-000164-FW-NA_fix)
This requirement is NA for firewall. No fix required.