
The MEM client must set the Smart Card or Certificate Store Password caching timeout period to no more than 120 minutes, if Smart Card or Certificate Store Password caching is available.


Overview

Finding ID: V-32797
Version: WIR-WMS-MEM-16
Rule ID: SV-43143r1_rule
IA Controls: ECCR-1
Severity: Medium
Description
The certificate/key store contents must not remain unencrypted indefinitely; otherwise, the encryption keys and PKI certificates stored in the store could be compromised. The store must re-encrypt contents of the store on or before the required timeout period.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text (C-41130r3_chk)
Verify the MEM client sets the Smart Card or Certificate Store Password caching timeout period to between 15 and 120 minutes, if Smart Card or Certificate Store Password caching is available. Talk to the site system administrator and have them show that this capability exists in the MEM server and is set as required. Also, review the MEM product documentation.

Mark as a finding if the MEM server does not have the required features. Mark as NA if the MEM client does not cache the certificate store password.
Fix Text (F-36678r3_fix)
Use a MEM product to set the Smart Card or Certificate Store Password caching timeout period to no more than 120 minutes, if Smart Card or Certificate Store Password caching is available.