UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must give the user the option to deny acceptance of a certificate if the certificate was issued by an untrusted certificate authority.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32989 SRG-OS-000066-MOS-000037 SV-43387r1_rule Medium
Description
When the operating system accepts the use of certificates issued from an untrusted certificate authority, there is the potential that the system presenting the certificate is malicious, and can compromise sensitive information or system integrity. Allowing the operating system or user to deny certificates from an untrusted certificate authority mitigates the risk associated with the acceptance of such certificates.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41286r1_chk )
Inspect the mobile operating system configuration for the user option to deny acceptance of a certificate if the certificate was issued by an untrusted certificate authority. If the operating system does not allow the user to reject a certificate issued from an untrusted certificate authority, this is a finding.
Fix Text (F-36901r1_fix)
Configure the mobile operating system to give the user the option to deny acceptance of a certificate if it from an untrusted certificate authority.