UCF STIG Viewer Logo

The DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32274 WINPK-000003 SV-42603r4_rule IATS-1 IATS-2 Medium
Description
To ensure that users do not experience denial of service on NIPRNet when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2, the DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed in the Untrusted Certificate Store. This requirement only applies to NIPRNet systems.
STIG Date
Windows 2003 Member Server Security Technical Implementation Guide 2015-06-24

Details

Check Text ( None )
None
Fix Text (F-48591r1_fix)
Install the DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate on NIPRNet systems only. The FBCA Cross-Certificate Remover tool is available on IASE at http://iase.disa.mil/pki-pke/function_pages/tools.html