UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system, for PKI-based authentication must validate certificates by querying the certification authority for revocation status of the certificate.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32983 SRG-OS-000066-MOS-000033 SV-43381r1_rule Low
Description
Status information for certification paths includes certificate revocation lists or online certificate status protocol responses. Failure to verify a certificate's revocation status can result in the system accepting a revoked or otherwise unauthorized certificate resulting in installation of unauthorized software or connection to rogue networks. Querying for certificate revocation mitigates the risk that the system will accept an unauthorized certificate.
STIG Date
Mobile Operating System Security Requirements Guide 2013-04-12

Details

Check Text ( C-41282r2_chk )
Inspect the mobile operating system configuration for validation of certificates used for PKI-based authentication. Confirm queries to the certification authority are performed for revocation status of certificates. If queries are not performed for revocation status of certificates, this is a finding.
Fix Text (F-36897r2_fix)
Configure the mobile operating system to validate certificates by querying the certification authority for revocation status of the certificate.