UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MEM client must alert the user if it receives a public-key certificate issued from an untrusted certificate authority.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32777 WIR-WMS-MEM-02 SV-43123r1_rule IAKM-1 IAKM-2 Medium
Description
When the public-key certificate is issued from an untrusted certificate authority, the certificate cannot be trusted and the recipient must have the capability to accept or deny the certificate and act on the email content based on sensitivity of the email content and mission needs.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-01-17

Details

Check Text ( C-41110r4_chk )
Verify the MEM client alerts the user if it receives a public-key certificate issued from an untrusted certificate authority. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36658r2_fix)
Use a MEM product that alerts the user if it receives a public-key certificate issued from an untrusted certificate authority.