UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Software certificate installation files must be removed from a system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63393 WN10-00-000130 SV-77883r1_rule Medium
Description
Use of software certificates and their accompanying installation files for end users to access resources is less secure than the use of hardware-based certificates.
STIG Date
Windows 10 Security Technical Implementation Guide 2019-01-04

Details

Check Text ( C-64141r1_chk )
Search all drives for *.p12 and *.pfx files.

If any files with these extensions exist, this is a finding.

This does not apply to server-based applications that have a requirement for .p12 certificate files (e.g., Oracle Wallet Manager). Some applications create files with extensions of .p12 that are NOT certificate installation files. Removal of non-certificate installation files from systems is not required. These must be documented with the ISSO.
Fix Text (F-69321r1_fix)
Remove any certificate installation files (*.p12 and *.pfx) found on a system.

Note: This does not apply to server-based applications that have a requirement for .p12 certificate files (e.g., Oracle Wallet Manager).