Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13672 | WG145 IIS7 | SV-32479r1_rule | IATS-1 IATS-2 | Medium |
Description |
---|
Without the use of a client certificate validation process, the site is vulnerable to accepting expired or revoked certificates. This could allow unauthorized individuals access to the web server. The Certificate Revocation List (CRL) is a repository composed of data, usually from many contributing CRL sources. Certificate identifiers may arrive at the CRL for a number of reasons, for example, when an employee leaves, when certificates expire, or when certificate keys become compromised and are reissued. |
STIG | Date |
---|---|
IIS 7.0 WEB SERVER STIG | 2011-08-19 |
Check Text (C-32794r1_chk) |
---|
Verify Client Certificate Revocation is enabled on the server. 1. Open a Command Prompt and enter the following command: `netsh http show sslcert` 2. Note the value assigned to the Verify Client Certificate Revocation element. If the value of the Verify Client Certificate Revocation element is not enabled, this is a finding. |
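As an added example that is not part of the STIG text, the following PowerShell script automates the check above: it parses the output of `netsh http show sslcert` and reports each SSL binding whose Verify Client Certificate Revocation element is not Enabled. The function name and the sample netsh output are constructed for this illustration; the certificate hashes and application ID in the sample are placeholders.

```powershell
# Added example (not part of the STIG text): parse "netsh http show sslcert"
# output and report every SSL binding whose "Verify Client Certificate
# Revocation" element is not Enabled, i.e. a finding under V-13672.
function Get-SslCertRevocationFindings {
    param(
        # Lines of netsh output; defaults to a live query of this host.
        [string[]]$NetshOutput = (& netsh http show sslcert)
    )
    $findings = @()
    $binding  = $null
    foreach ($line in $NetshOutput) {
        # Each binding block starts with its IP:port (or Hostname:port) line.
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            $binding = $Matches[2]
            continue
        }
        if ($line -match '^\s*Verify Client Certificate Revocation\s*:\s*(\S+)') {
            $state = $Matches[1]
            if ($state -ne 'Enabled') {
                $findings += [pscustomobject]@{
                    Binding                    = $binding
                    VerifyClientCertRevocation = $state
                    Status                     = 'FINDING'
                }
            }
        }
    }
    return $findings
}

# Constructed sample output (not captured from a real server): one compliant
# binding on 443 and one non-compliant binding on 8443. Hash and ID values are placeholders.
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Verify Client Certificate Revocation    : Enabled

    IP:port                      : 0.0.0.0:8443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Verify Client Certificate Revocation    : Disabled
'@ -split "`r?`n"

Get-SslCertRevocationFindings -NetshOutput $sample | Format-Table -AutoSize
```

Run the function without `-NetshOutput` to audit the local host; on the constructed sample only the 0.0.0.0:8443 binding is reported as a finding.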
Fix Text (F-29073r1_fix) |
---|
Configure the web server to utilize an approved certificate validation process. |