Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Riverbed Optimization System (RiOS) must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62987 | RICX-DM-000138 | SV-77477r1_rule | Medium |
| Description |
|---|
| For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice. |
| STIG | Date |
|---|---|
| Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide | 2019-10-01 |
Details
| Check Text ( C-63739r1_chk ) |
|---|
| Verify that RiOS is configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. Navigate to the device Management Console Navigate to Configure >> Optimization >> Certificate Authorities Verify that DoD Root Certificates are listed on this page If no DoD Root CA Certificates are listed on this page, this is a finding. |
| Fix Text (F-68905r1_fix) |
|---|
| Configure RiOS to use public key certificates from an appropriate certificate policy through an approved service provider. Navigate to the device Management Console Navigate to Configure >> Optimization >> Certificate Authorities Click "Add a New Certificate Authority" Select "Local File" and "Browse" Navigate to your local DoD CA Root Certificates and select a certificate Click "Add" Repeat Click "Add a New Certificate Authority" down to Click "Add" for each DoD Root Certificate Navigate to the top of the web page and click "Save" to save these settings permanently |