The DoD Root CA certificates must be installed in the Trusted Root Store.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32272 | WINPK-000001 | SV-42596r4_rule | Medium |
| Description |
|---|
| To ensure secure DoD websites and DoD-signed code are properly validated, the system must trust the DoD Root Certificate Authorities (CAs). The DoD root certificates will ensure that the trust chain is established for server certificates issued from the DoD CAs. |
| STIG | Date |
|---|---|
| Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2017-04-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-76945r2_fix) |
|---|
| Install the DoD Root CA certificates. DoD Root CA 2 DoD Root CA 3 DoD Root CA 4 The InstallRoot tool is available on IASE at http://iase.disa.mil/pki-pke/Pages/tools.aspx. |