
The network device must validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.


Overview

Finding ID: SRG-NET-000164-NDM-000121
Version: SRG-NET-000164-NDM-000121
Rule ID: SRG-NET-000164-NDM-000121_rule
IA Controls:
Severity: Medium
Description
A trust anchor is an authoritative entity represented via a public key. Within a chain of trust, the top entity to be trusted is the "root certificate" or "trust anchor", such as a Certification Authority (CA). A certification path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted CA. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text (C-SRG-NET-000164-NDM-000121_chk)
Verify the network device validates certificates used for PKI-based authentication by constructing a certification path to an accepted trust anchor. If the network device does not validate certificates used for PKI-based authentication by constructing a certification path to an accepted trust anchor, this is a finding.
Fix Text (F-SRG-NET-000164-NDM-000121_fix)
Configure the network device to validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.
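
The difference between building a certification path and building one with status information can be reproduced off-device with the OpenSSL command line. This is an added example, not part of the SRG: OpenSSL stands in for the device's validator, and the function names, subjects and files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example; all names, subjects and files are constructed for the demo.
# build_demo_pki DIR: root.pem (trust anchor) -> int.pem -> leaf.pem, plus unrelated other.pem
build_demo_pki() {
  d=$1; : > "$d/index.txt"   # empty CA database backing the CRL
  cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
[crl_ca]
database = $d/index.txt
default_md = sha256
default_crl_days = 1
EOF
  for n in root other int leaf; do
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  issue() { openssl x509 -req -days 2 -extfile "$d/pki.cnf" "$@" 2>/dev/null; }
  issue -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 -extensions ca_ext -out "$d/root.pem" &&
  issue -in "$d/other.csr" -signkey "$d/other.key" -set_serial 1 -extensions ca_ext -out "$d/other.pem" &&
  issue -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 -extensions ca_ext -out "$d/int.pem" &&
  issue -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 -extensions leaf_ext -out "$d/leaf.pem" &&
  publish_crl "$d"
}
# Status information: the intermediate CA publishes a CRL covering the leaf.
publish_crl() {
  openssl ca -gencrl -config "$1/pki.cnf" -name crl_ca -cert "$1/int.pem" \
    -keyfile "$1/int.key" -out "$1/int.crl" 2>/dev/null
}
revoke_leaf() {
  openssl ca -revoke "$1/leaf.pem" -config "$1/pki.cnf" -name crl_ca \
    -cert "$1/int.pem" -keyfile "$1/int.key" 2>/dev/null && publish_crl "$1"
}
# Path construction only: leaf -> int -> trust anchor ($2).
validate_path() {
  openssl verify -CAfile "$2" -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}
# Path construction plus revocation status of the leaf (fails if no usable CRL).
validate_path_with_status() {
  openssl verify -crl_check -CRLfile "$1/int.crl" -CAfile "$2" \
    -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}
```

After revoke_leaf, validate_path still succeeds against root.pem while validate_path_with_status fails, which is the gap the "with status information" wording in the requirement closes.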