UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Software certificate installation files must be removed from a system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15823 2.021 SV-25004r2_rule ECSC-1 Medium
Description
Use of software certificates and their accompanying installation files for end users to access resources is less secure than the use of hardware-based certificates.
STIG Date
Windows 7 Security Technical Implementation Guide 2015-09-02

Details

Check Text ( C-62087r1_chk )
Search all drives for *.p12 and *.pfx files.

If any files with these extensions exist, then this is a finding.

This does not apply to server-based applications that have a requirement for .p12 certificate files (e.g., Oracle Wallet Manager). Some applications create files with extensions of .p12 that are NOT certificate installation files. Removal from systems of non-certificate installation files are not required. These should be documented with the ISSO.
Fix Text (F-66985r1_fix)
Remove any certificate installation files found on a system.

This does not apply to server-based applications that have a requirement for .p12 certificate files (e.g., Oracle Wallet Manager).