UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A private web server must subscribe to certificates, issued from any DoD-authorized Certificate Authority, as an access control mechanism for web users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24363 HMC0170 SV-30031r1_rule IATS-1 IATS-2 Medium
Description
Hardware Management Consoles (HMC) use SSL encryption techniques, through digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. To maintain data integrity the IBM Certificate distributed with the HMC's is to be replaced by a DoD-authorized Certificate.
STIG Date
IBM Hardware Management Console (HMC) STIG 2013-06-26

Details

Check Text ( C-29866r1_chk )
The System Reviewer will have the System Administrator use the Hardware Management Console Certificate Management Task to validate that the private key and certificate shipped with any network-connected HMC from IBM was replaced with an approved DoD- authorized Certificate.

Note: This Check only applies to network-connected HMCs.

Note: DoD certificates should display the following Information 'OU=PKI.OU=DoD.O=U.S. Government.C=US'

If private web server does not subscribe to certificates issued from any DoD-authorized Certificate Authority as an access control mechanism for web users, then this is a FINDING.
Fix Text (F-26767r1_fix)
The System Administrator will order a DoD PKI to replace the IBM Certificate and have the System Administrator use the Hardware Management Console Certificate Management Task to install it.

Note: This only applies to networked HMCs.