The operating system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-OS-000179-NA	SRG-OS-000179-NA	SRG-OS-000179-NA_rule		Medium

Description
For user certificates, each organization attains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice. This control focuses on certificates with a visibility external to the information system and does not include certificates related to internal system operations, for example, application-specific time services.

Description

For user certificates, each organization attains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice. This control focuses on certificates with a visibility external to the information system and does not include certificates related to internal system operations, for example, application-specific time services.

STIG	Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide	2013-02-05

Details

Check Text ( C-SRG-OS-000179-NA_chk )
RHEL6 cannot support this requirement without assistance from an external application, policy, or service. This requirement is NA.

Fix Text (F-SRG-OS-000179-NA_fix)
This requirement is NA. No fix is required.