The operating system must produce, control, and distribute asymmetric cryptographic keys using approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the users private key.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33151	SRG-OS-000168-NA	SV-43549r1_rule		Medium

Description
Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Rationale for non-applicability: This control is primarily intended for systems that act as a certificate authority or server. Mobile operating systems are not intended for this role. Aspects of certificate control that are handled by a mobile device are addressed by other controls in the MOS SRG.

Description

Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Rationale for non-applicability: This control is primarily intended for systems that act as a certificate authority or server. Mobile operating systems are not intended for this role. Aspects of certificate control that are handled by a mobile device are addressed by other controls in the MOS SRG.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41411r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37051r1_fix)
The requirement is NA. No fix is required.