Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33781 | SRG-OS-000167-MOS-000086 | SV-44206r1_rule | | Medium |
Description |
---|
DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an adversary could falsely sign a certificate in such a way that it could not be detected. Providing access to the DoD root and intermediate PKI certificates greatly diminishes the risk of this attack. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text (C-41838r1_chk) |
---|
Review the mobile operating system configuration to determine if the root and intermediate certificates are present. In some cases, their presence may not be detected by user inspection, in which case the reviewer should review system documentation to determine whether they are present. If the certificate is accepted, the operating system is likely not performing the required check of root and intermediate certificates. If the DoD root and intermediate certificates are not present, this is a finding. |
Fix Text (F-37681r1_fix) |
---|
Install DoD root and intermediate certificates on the device. |