
The MDM server must have access to DoD root and intermediate PKI certificates when performing DoD PKI related transactions.


Overview

Finding ID: V-36245
Version: SRG-APP-194-MDM-227-SRV
Rule ID: SV-47649r1_rule
IA Controls:
Severity: Medium
Description
DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an adversary could falsely sign a certificate in such a way that it could not be detected. Providing access to the DoD root and intermediate PKI certificates greatly diminishes the risk of this attack.
STIG: Mobile Device Manager Security Requirements Guide
Date: 2013-01-24

Details

Check Text (C-44485r1_chk)
Review the MDM server configuration to determine whether the root and intermediate certificates are present. In some cases, their presence may not be detected by user inspection, in which case the reviewer should review MDM server documentation to determine whether they are present. If higher assurance is required, the reviewer should attempt to perform a transaction using a falsely signed certificate. If the certificate is accepted, the operating system is likely not performing the required check of root and intermediate certificates. If the DoD root and intermediate certificates are not present, this is a finding.
Fix Text (F-40775r1_fix)
Install DoD root and intermediate certificates on the MDM server.
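
The check above can be rehearsed offline. The following is an added example, not part of the STIG or of any MDM product: it builds a constructed throwaway PKI with `openssl` (all names and paths are assumptions, standing in for the DoD chain) and shows that a user certificate validates only when both the root and the intermediate are in the trust store, while a certificate from an unknown issuer is rejected.

```shell
#!/bin/sh
# Constructed demo PKI; certificate names and file layout are assumptions.

# mk_cert <dir> <name> <issuer-name> <TRUE|FALSE>
# Creates <name>.key/.crt in <dir>; self-signed when name == issuer-name.
mk_cert() {
    d=$1 n=$2 ca=$3
    printf 'basicConstraints=critical,CA:%s\n' "$4" > "$d/$n.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
        -subj "/CN=$n" -out "$d/$n.csr" 2>/dev/null || return 1
    if [ "$n" = "$ca" ]; then
        openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 2 \
            -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
    else
        openssl x509 -req -in "$d/$n.csr" -CA "$d/$ca.crt" \
            -CAkey "$d/$ca.key" -CAcreateserial -days 2 \
            -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
    fi
}

# build_demo_pki <dir>: root -> intermediate -> user, plus a user
# certificate issued by a CA that is in neither trust store.
build_demo_pki() {
    mk_cert "$1" demo-root demo-root TRUE &&
    mk_cert "$1" demo-intermediate demo-root TRUE &&
    mk_cert "$1" demo-user demo-intermediate FALSE &&
    mk_cert "$1" untrusted-ca untrusted-ca TRUE &&
    mk_cert "$1" forged-user untrusted-ca FALSE &&
    cat "$1/demo-root.crt" "$1/demo-intermediate.crt" > "$1/full-store.pem" &&
    cp "$1/demo-root.crt" "$1/root-only-store.pem"
}

# chain_verifies <trust-store.pem> <cert.crt>
# Exit status 0 only if the certificate chains to the given store.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

After `build_demo_pki` has populated a scratch directory, `chain_verifies` succeeds for `demo-user.crt` against `full-store.pem` and fails against `root-only-store.pem`; `forged-user.crt` fails against both.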