
The system must query the certification authority to determine whether a public key certificate has been revoked before accepting the certificate for authentication purposes.


Overview

Finding ID: WN12-GE-000025
Version: WN12-GE-000025
Rule ID: WN12-GE-000025_rule
IA Controls: (none listed)
Severity: Medium
Description
Failure to verify a certificate's revocation status can result in the system accepting a revoked, and therefore unauthorized, certificate. This could result in the installation of unauthorized software or a connection to rogue networks, depending on the use for which the certificate is intended. Querying for certificate revocation mitigates the risk that the system will accept an unauthorized certificate.
STIG: Microsoft Windows Server 2012 Member Server Security Technical Implementation Guide
Date: 2013-07-25

Details

Check Text (C-WN12-GE-000025_chk)
Verify the system has software installed and running that provides certificate validation and revocation checking. If it does not, this is a finding.
Fix Text (F-WN12-GE-000025_fix)
Install software that provides certificate validation and revocation checking.