Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32274 | WINPK-000003 | SV-42605r4_rule | Medium |
Description |
---|
To ensure that users do not experience denial of service on NIPRNet when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2, the DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed in the Untrusted Certificate Store. This requirement only applies to NIPRNet systems. |
STIG | Date |
---|---|
Windows 2008 Domain Controller Security Technical Implementation Guide | 2016-07-22 |
Check Text ( None ) |
---|
None |
Fix Text (F-48593r1_fix) |
---|
Install the DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate on NIPRNet systems only. The FBCA Cross-Certificate Remover tool is available on IASE at http://iase.disa.mil/pki-pke/function_pages/tools.html |