The fabric switches must use DoD-approved PKI rather than proprietary or self-signed device certificates.


Overview

Finding ID: V-6634
Version: SAN04.011.00
Rule ID: SV-6768r2_rule
IA Controls:
Severity: Low
Description
DoD PKI provides better protection from malicious attacks than user ID/password authentication and should be used any time it is feasible.
STIG: Storage Area Network STIG
Date: 2019-06-28

Details

Check Text (C-2526r2_chk)
The reviewer will, with the assistance of the IAO/NSO, verify fabric switches are protected by DoD PKI.

View the installed device certificates.

Verify a DoD-approved certificate is loaded.

If any of the certificates have the name or identifier of a non-DoD-approved source in the Issuer field, this is a finding.
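One way to script the Issuer review above over certificates exported from the switches, as an added example that is not part of the STIG. It assumes the subject and issuer lines were produced with `openssl x509 -noout -subject -issuer`; the approved-issuer attributes, host names and CA names are constructed placeholders to replace with the site's approved list.

```python
import re

# Assumption: approved issuers are identified by these name attributes;
# replace with the issuer names your PKI office actually approves.
APPROVED_ISSUER_RDNS = [{("O", "u.s. government"), ("OU", "dod"), ("OU", "pki")}]

# Constructed sample in the layout of `openssl x509 -noout -subject -issuer`.
SAMPLE = """\
subject=CN = fabric-sw01.example.mil, OU = PKI, OU = DoD, O = U.S. Government, C = US
issuer=C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = EXAMPLE DOD CA-1
subject=CN = fabric-sw02, O = ExampleVendor Inc.
issuer=CN = fabric-sw02, O = ExampleVendor Inc.
subject=CN = fabric-sw03.example.mil, O = Example Org
issuer=CN = ExampleVendor Device CA, O = ExampleVendor Inc.
"""

def parse_dn(dn):
    """Return the DN as a set of (ATTR, casefolded value) pairs."""
    parts = re.split(r",\s*(?=[A-Za-z]+\s*=)", dn.strip())
    return {(a.strip().upper(), v.strip().casefold())
            for a, _, v in (p.partition("=") for p in parts)}

def classify(subject, issuer):
    """Apply the check: self-signed or non-approved issuer is a finding."""
    subj, iss = parse_dn(subject), parse_dn(issuer)
    if subj == iss:
        return "FINDING: self-signed"
    if not any(req <= iss for req in APPROVED_ISSUER_RDNS):
        return "FINDING: issuer not approved"
    # Name match only, like the manual check; it does not prove that the
    # chain validates to a trusted root.
    return "OK: approved issuer name"

def review(openssl_output):
    """Pair each subject line with the issuer line that follows it."""
    results, subject = [], None
    for line in openssl_output.splitlines():
        field, _, dn = line.partition("=")
        if field.strip() == "subject":
            subject = dn
        elif field.strip() == "issuer" and subject is not None:
            results.append((subject.strip(), classify(subject, dn)))
            subject = None
    return results

if __name__ == "__main__":
    for subject, verdict in review(SAMPLE):
        print(f"{verdict:30} {subject}")
```

A certificate that passes this name check should still be validated against the installed DoD root certificates, since an Issuer string by itself can be set to anything by whoever creates the certificate.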
Fix Text (F-6229r2_fix)
Generate a new key-pair from a DoD-approved certificate issuer. Sites must consult the PKI/PKI pages on the http://iase.disa.mil/ website for procedures for NIPRNet and SIPRNet.