UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000164-NDM-000121 SRG-NET-000164-NDM-000121 SRG-NET-000164-NDM-000121_rule Medium
Description
A trust anchor is an authoritative entity represented via a public key. Within a chain of trust, the top entity to be trusted is the "root certificate" or "trust anchor", such as a Certification Authority (CA). A certification path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted CA. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000164-NDM-000121_chk )
Verify the network device validates certificates used for PKI-based authentication by constructing a certification path to an accepted trust anchor. If the network device does not validate certificates used for PKI-based authentication by constructing a certification path to an accepted trust anchor, this is a finding.
Fix Text (F-SRG-NET-000164-NDM-000121_fix)
Configure the network device to validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.