| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36245 | SRG-APP-194-MDM-227-SRV | SV-47649r1_rule | | Medium |
| Description |
|---|
| DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an adversary could falsely sign a certificate in such a way that it could not be detected. Providing access to the DoD root and intermediate PKI certificates greatly diminishes the risk of this attack. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
| Check Text (C-44485r1_chk) |
|---|
| Review the MDM server configuration to determine whether the root and intermediate certificates are present. In some cases, their presence may not be detectable by user inspection, in which case the reviewer should review the MDM server documentation to determine whether they are present. If higher assurance is required, the reviewer should attempt to perform a transaction using a falsely signed certificate. If the certificate is accepted, the operating system is likely not performing the required check of root and intermediate certificates. If the DoD root and intermediate certificates are not present, this is a finding. |
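The two parts of this check (are the expected trust anchors present, and does the server reject a chain that does not lead to one of them) can be exercised against a modelled trust store. The Go program below is an added example, not part of the STIG or any MDM product: it mints its own throwaway root, intermediate and leaf certificates with the standard library, so the CA names (`Example Root CA`, `Rogue Root CA`), the host name `mdm.example.test` and the `TrustStore` type are all constructed stand-ins for the real DoD CAs and the server's configuration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed names; they stand in for the real DoD root and intermediate CAs.
const (
	trustedRootCN  = "Example Root CA (stand-in for a DoD Root CA)"
	intermediateCN = "Example Intermediate CA"
	rogueRootCN    = "Rogue Root CA"
	mdmHost        = "mdm.example.test"
)

// issue mints a certificate for cn signed by parent/parentKey, or self-signed when parent is nil.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{mdmHost}
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// TrustStore models the trust anchors configured on the MDM server (constructed for this example).
type TrustStore struct{ Roots []*x509.Certificate }

// HasRoot is the "are the root certificates present" half of the check.
func (s TrustStore) HasRoot(cn string) bool {
	for _, r := range s.Roots {
		if r.Subject.CommonName == cn {
			return true
		}
	}
	return false
}

// VerifyChain is the "present a falsely signed certificate" half: it returns nil only
// when leaf chains, through the supplied intermediates, to one of the configured roots.
func (s TrustStore) VerifyChain(leaf *x509.Certificate, intermediates ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range s.Roots {
		roots.AddCert(r)
	}
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		DNSName:       mdmHost,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// RunCheck builds a genuine chain and a rogue chain and evaluates both against a store
// that holds only the trusted root. Expected: root present, genuineErr nil, rogueErr non-nil.
func RunCheck() (rootPresent bool, genuineErr, rogueErr error) {
	root, rootKey := issue(trustedRootCN, true, nil, nil)
	inter, interKey := issue(intermediateCN, true, root, rootKey)
	genuineLeaf, _ := issue(mdmHost, false, inter, interKey)

	rogueRoot, rogueKey := issue(rogueRootCN, true, nil, nil)
	rogueLeaf, _ := issue(mdmHost, false, rogueRoot, rogueKey)

	store := TrustStore{Roots: []*x509.Certificate{root}}
	// Supplying the rogue CA alongside the rogue leaf must not help: it is not a trust anchor.
	return store.HasRoot(trustedRootCN), store.VerifyChain(genuineLeaf, inter), store.VerifyChain(rogueLeaf, rogueRoot)
}

func main() {
	present, g, r := RunCheck()
	fmt.Printf("expected root present: %v\n", present)
	fmt.Printf("genuine chain accepted: %v (err=%v)\n", g == nil, g)
	fmt.Printf("falsely signed chain rejected: %v (err=%v)\n", r != nil, r)
}
```

The rogue chain is rejected because the trust decision is made against the configured roots, not against whatever CA certificate the peer sends along with its leaf; on a real server the equivalent evidence is the rejection of a test certificate whose chain ends in a CA that is not among the installed DoD roots.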
| Fix Text (F-40775r1_fix) |
|---|
| Install DoD root and intermediate certificates on the MDM server. |