UCF STIG Viewer Logo

The Good Mobility Suite email client must provide a mechanism to provide certificate validation through a trusted OCSP, CRL, or SCVP.


Overview

Finding ID Version Rule ID IA Controls Severity
V-53035 GOOD-00-000610 SV-67251r1_rule Medium
Description
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case, the requirement states that the email client must validate certificates through a trusted OCSP, CRL, or SCVP.
STIG Date
Good for Enterprise 8.x Security Technical Implementation Guide 2014-08-18

Details

Check Text ( C-54539r1_chk )
Review the Good Mobility Suite server configuration to verify the mobile email client provides a mechanism to provide certificate validation through a trusted OCSP, CRL, or SCVP. Otherwise, this is a finding.
Fix Text (F-57845r2_fix)
Configure the Good Mobility Suite server to provide a mechanism to provide certificate validation through a trusted OCSP, CRL, or SCVP.

-Launch the Good Mobile Control Web console and click on the Settings tab
-On the left side, select Secure Messaging (S/MIME)
-Verify Enable Secure Messaging (S/MIME) is checked and the LDAP and OCSP URL values are configured properly
-Click on Save and proceed to the Policies tab
-Select the policy set for the smart phone and select Good For Enterprise Authentication
-Verify Enable S/MIME is checked

Optional: To enable CAC/PIV (hard token), ensure Good Vault is selected; otherwise, soft token will be the default.