Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-94691	SYMP-NM-000200	SV-104521r1_rule		Medium

Description
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.

STIG	Date
Symantec ProxySG NDM Security Technical Implementation Guide	2019-12-20

Details

Check Text ( C-93881r1_chk )
Verify all management certificates are issued by an appropriate certificate authority. 1. Log on to the Web Management Console. 2. Click Services >> Management Services, click on HTTPS-Console and click "Edit". 3. Note the name of the "keyring" assigned. 4. Click Configuration >> SSL >> Keyrings. 5. Select the keyring that was noted above, click "View Certificate". 6. Confirm that the certificate is issued by the appropriate certificate authority. If Symantec ProxySG does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.

Check Text ( C-93881r1_chk )

Verify all management certificates are issued by an appropriate certificate authority.

1. Log on to the Web Management Console.
2. Click Services >> Management Services, click on HTTPS-Console and click "Edit".
3. Note the name of the "keyring" assigned.
4. Click Configuration >> SSL >> Keyrings.
5. Select the keyring that was noted above, click "View Certificate".
6. Confirm that the certificate is issued by the appropriate certificate authority.

If Symantec ProxySG does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.

Fix Text (F-100809r1_fix)
Assign an appropriately signed certificate to the management interface. 1. Log on to the Web Management Console. 2. Click Configuration >> SSL >> Keyrings. 3. Click "Create", provide a name and bit size, click "OK". 4. Select the newly created keyring, click "Edit". 5. Click "Create" under "Certificate Signing Request" and enter the appropriate information, click "OK", click "Close", click "Apply". 6. Select the newly created keyring, click "Edit". 7. Copy the text in the "Certificate Signing Request" field and submit to your appropriate Certificate Authority. 8. Once the certificate has been issued, paste it into the "Certificate" field, click "Close", click "Apply". 9. Click Services >> Management Services, click on "HTTPS-Console", click "Edit". 10. Change the "Keyring" value to the newly created keyring, click "OK", click "Apply".

Fix Text (F-100809r1_fix)

Assign an appropriately signed certificate to the management interface.

1. Log on to the Web Management Console.
2. Click Configuration >> SSL >> Keyrings.
3. Click "Create", provide a name and bit size, click "OK".
4. Select the newly created keyring, click "Edit".
5. Click "Create" under "Certificate Signing Request" and enter the appropriate information, click "OK", click "Close", click "Apply".
6. Select the newly created keyring, click "Edit".
7. Copy the text in the "Certificate Signing Request" field and submit to your appropriate Certificate Authority.
8. Once the certificate has been issued, paste it into the "Certificate" field, click "Close", click "Apply".
9. Click Services >> Management Services, click on "HTTPS-Console", click "Edit".
10. Change the "Keyring" value to the newly created keyring, click "OK", click "Apply".