UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Only DoD PKI issued or DoD approved server authentication certificates must be installed on DoD mobile operating system devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33171 SRG-OS-000179-MOS-000102 SV-43569r2_rule Medium
Description
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41431r1_chk )
Review the mobile operating system certificate store for the device authentication certificates. In some cases, the certificates may not be visible. In this situation, consult system documentation to determine what certificates are installed on the device. Match the certificates present against a list of approved certificates. Verify there are no unapproved certificates present. If there are unapproved device authentication certificates installed on the device, this is a finding.
Fix Text (F-37070r2_fix)
Remove unapproved software authentication certificates from the device.