UCF STIG Viewer Logo

The MEM client must not accept certificate revocation information without verifying its authenticity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32781 WIR-WMS-MEM-04 SV-43127r1_rule IAKM-1 IAKM-2 Low
Description
When the public-key certificate has been identified as revoked but the revocation authenticity cannot be verified, the revocation cannot be trusted and the recipient must have the capability to accept or deny the certificate and act on the email content based on sensitivity of the email content and mission needs.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41114r3_chk )
Verify the MEM client does not accept certificate revocation information without verifying its authenticity. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36662r3_fix)
Use a MEM product that does not accept certificate revocation information without verifying its authenticity.