The DOD Root Certificate is not installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6318	DTBG010	SV-33373r2_rule		Medium

Description
The DOD root certificate will ensure that the trust chain is established for server certificate issued from the DOD CA.

STIG	Date
Mozilla Firefox	2017-01-06

Details

Check Text ( C-16602r3_chk )
Procedure: Navigate using the “Open Menu >> Options >> Advanced >> Certificates” dialog. Select the View Certificates button. On the “Certificate Manager” window, select the “Authorities” tab. Scroll through the Certificate Name list to the U.S. Government heading. Look for the entry for the DoD Root CA 2. If there is an entry for the DoD Root CA 2, select the entry and then the View button. On the Certificate Viewer window, determine the value of the SHA1 Fingerprint field. Criteria: If there is no entry for the DoD Root CA 2, this is a finding. For NIPRnet clients only,if the value of the SHA1 Fingerprint field of the DoD Root CA 2 certificate is not: 8C:94:1B:34:EA:1E:A6:ED:9A:E2:BC:54:CF:68:72:52:B4:C9:B5:61, this is a finding.

Check Text ( C-16602r3_chk )

Procedure: Navigate using the “Open Menu >> Options >> Advanced >> Certificates” dialog. Select the View Certificates button. On the “Certificate Manager” window, select the “Authorities” tab. Scroll through the Certificate Name list to the U.S. Government heading. Look for the entry for the DoD Root CA 2.

If there is an entry for the DoD Root CA 2, select the entry and then the View button. On the Certificate Viewer window, determine the value of the SHA1 Fingerprint field.

Criteria:
If there is no entry for the DoD Root CA 2, this is a finding.

For NIPRnet clients only,if the value of the SHA1 Fingerprint field of the DoD Root CA 2 certificate is not:
8C:94:1B:34:EA:1E:A6:ED:9A:E2:BC:54:CF:68:72:52:B4:C9:B5:61, this is a finding.

Fix Text (F-5841r2_fix)
Install the DOD CA 2 root certificate.