The MEM client must verify user digital certificate when performing PKI transactions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32782 | WIR-WMS-MEM-05 | SV-43128r1_rule | IAKM-1 IAKM-2 | Medium |
| Description |
|---|
| The trust of any PKI operation is contingent on the certificate chain. Authentication and encryption services based on PKI would be untrusted if the certificate chain is not verified. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41115r4_chk ) |
|---|
| Verify the MEM client verifies the user digital certificate in the certificate chain when performing PKI transactions. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36663r4_fix) |
|---|
| Use a MEM product that verifies the user digital certificate in the certificate chain. |