Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32797 | WIR-WMS-MEM-16 | SV-43143r1_rule | ECCR-1 | Medium |
Description |
---|
The certificate/key store contents must not remain unencrypted indefinitely; otherwise, the encryption keys and PKI certificates held in the store could be compromised. The store must re-encrypt its contents on or before expiry of the required timeout period. |
STIG | Date |
---|---|
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-01-17 |
Check Text (C-41130r3_chk) |
---|
Verify the MEM client sets the Smart Card or Certificate Store Password caching timeout period to at least 15 and no more than 120 minutes, if Smart Card or Certificate Store Password caching is available. Talk to the site system administrator and have them show that this capability exists in the MEM server and is set as required. Also, review the MEM product documentation. Mark as a finding if the MEM server does not have the required features. Mark as NA if the MEM client does not cache the certificate store password. |
Fix Text (F-36678r3_fix) |
---|
Use a MEM product to set the Smart Card or Certificate Store Password caching timeout period to no more than 120 minutes, if Smart Card or Certificate Store Password caching is available. |