The MDM server must support organizational requirements to issue public-key certificates under an appropriate certificate policy or obtain public-key certificates under an appropriate certificate policy from an approved service provider.


Overview

Finding ID: V-36255
Version: SRG-APP-205-MDM-233-SRV
Rule ID: SV-47659r1_rule
IA Controls:
Severity: Medium
Description
Only DoD PKI-issued or approved software authentication certificates must be installed on DoD mobile operating system devices. Without this, trust paths would be broken, which could lead to unapproved certificates being used.
STIG: Mobile Device Manager Security Requirements Guide
Date: 2013-01-24

Details

Check Text (C-44495r1_chk)
Review the MDM server configuration to determine whether the MDM server issues public-key certificates. If no, this requirement is not applicable. If yes, verify the server issues certificates that are compliant with the DoD PKI and DoD certificate policy. If the MDM server issues certificates that are not compliant with the DoD PKI and DoD certificate policy, this is a finding.
Fix Text (F-40785r1_fix)
Configure the MDM server to issue only DoD approved certificates, if this feature is supported.