The DoD Interoperability Root CA 1 to DoD Root CA 2 cross-certificate must be installed into the Untrusted Certificates Store.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32274 | WN12-PK-000003 | SV-52957r3_rule | Medium |
| Description |
|---|
| To ensure users do not experience denial of service on NIPRNet when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2, the DoD Interoperability Root CA 1 to DoD Root CA 2 cross-certificate must be installed in the Untrusted Certificate Store. This only applies to NIPRNet systems. |
| STIG | Date |
|---|---|
| Windows Server 2012 / 2012 R2 Member Server Security Technical Implementation Guide | 2016-07-22 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-48597r1_fix) |
|---|
| Install the DoD Interoperability Root CA 1 to DoD Root CA 2 cross-certificate on NIPRNet systems only. Administrators should run the Federal Bridge Certification Authority (FBCA) Cross-Certificate Removal Tool once as an administrator and once as the current user. The FBCA Cross-Certificate Remover tool and user guide is available on IASE at http://iase.disa.mil/pki-pke/function_pages/tools.html. |