Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000164-NDM-000121 | SRG-NET-000164-NDM-000121 | SRG-NET-000164-NDM-000121_rule | | Medium |
Description |
---|
A trust anchor is an authoritative entity represented via a public key. Within a chain of trust, the top entity to be trusted is the "root certificate" or "trust anchor", such as a Certification Authority (CA). A certification path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted CA. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text (C-SRG-NET-000164-NDM-000121_chk) |
---|
Verify the network device validates certificates used for PKI-based authentication by constructing a certification path to an accepted trust anchor. If the network device does not validate certificates used for PKI-based authentication by constructing a certification path to an accepted trust anchor, this is a finding. |
Fix Text (F-SRG-NET-000164-NDM-000121_fix) |
---|
Configure the network device to validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor. |
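
The path construction described in the Description, as an added example that is not part of the SRG: a shell script that uses the OpenSSL command-line tool (an assumption; the SRG names no tool) to build a constructed root, intermediate and subject certificate and show that validation succeeds only when a path to the accepted trust anchor can be built. All file names and subjects are made up, and the status (revocation) check named in the Fix Text is not covered.

```shell
#!/bin/sh
# Constructed demo PKI: root (trust anchor) -> intermediate -> subject certificate.
# Every name and path below is made up for this example.

make_demo_pki() {  # $1 = empty working directory
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    for n in root int leaf other; do  # one key pair and CSR per entity
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=Demo $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    for n in root other; do  # two self-signed roots; only "root" issues the chain
        openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -extfile "$d/ca.ext" \
            -days 2 -out "$d/$n.pem" 2>/dev/null || return 1
    done
    # The root signs the intermediate; the intermediate signs the subject certificate.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -extfile "$d/leaf.ext" -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Exit status 0 only if a path from the subject certificate to the given anchor validates.
path_validates() {  # $1 = trust anchor, $2 = subject cert, $3 = optional intermediates
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
path_validates "$demo_dir/root.pem" "$demo_dir/leaf.pem" "$demo_dir/int.pem" \
    && echo "accepted anchor, full path: valid"
path_validates "$demo_dir/root.pem" "$demo_dir/leaf.pem" \
    || echo "intermediate missing: no path can be built, rejected"
path_validates "$demo_dir/other.pem" "$demo_dir/leaf.pem" "$demo_dir/int.pem" \
    || echo "anchor is not the issuing root: rejected"
rm -rf "$demo_dir"
```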