Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32983 | SRG-OS-000066-MOS-000033 | SV-43381r1_rule | Low |
Description |
---|
Status information for certification paths includes certificate revocation lists or online certificate status protocol responses. Failure to verify a certificate's revocation status can result in the system accepting a revoked or otherwise unauthorized certificate resulting in installation of unauthorized software or connection to rogue networks. Querying for certificate revocation mitigates the risk that the system will accept an unauthorized certificate. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text ( C-41282r2_chk ) |
---|
Inspect the mobile operating system configuration for validation of certificates used for PKI-based authentication. Confirm queries to the certification authority are performed for revocation status of certificates. If queries are not performed for revocation status of certificates, this is a finding. |
Fix Text (F-36897r2_fix) |
---|
Configure the mobile operating system to validate certificates by querying the certification authority for revocation status of the certificate. |