Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36736 | WN08-GE-000030 | SV-48385r1_rule | IATS-1 IATS-2 | Medium |
Description |
---|
Failure to verify a certificate's revocation status can result in the system accepting a revoked, and therefore unauthorized, certificate. This could result in the installation of unauthorized software or a connection to rogue networks, depending on the use for which the certificate is intended. Querying for certificate revocation mitigates the risk that the system will accept an unauthorized certificate. |
STIG | Date |
---|---|
Windows 8 Security Technical Implementation Guide | 2014-01-07 |
Check Text (C-45054r1_chk) |
---|
Verify the system has software installed and running that provides certificate validation and revocation checking. If it does not, this is a finding. |
Fix Text (F-41516r1_fix) |
---|
Install software that provides certificate validation and revocation checking. |