ONTAP must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246945 | NAOT-CM-000008 | SV-246945r769167_rule | Medium |
| Description |
|---|
| For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice. |
| STIG | Date |
|---|---|
| NetApp ONTAP DSC 9.x Security Technical Implementation Guide | 2021-07-28 |
Details
| Check Text ( C-50377r769165_chk ) |
|---|
| Use "security login show -authentication-method cert" to see user IDs created with public key certificates from a certificate authority. If ONTAP cannot obtain its public key certificates from an appropriate certificate policy, this is a finding. |
| Fix Text (F-50331r769166_fix) |
|---|
| Configure ONTAP to use public key certificates for authentication with "security certificate install -type client-ca -vserver |