The DataPower Gateway must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-65187 | WSDP-NM-000141 | SV-79677r1_rule | CCI-000366 | medium |

Description
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.

| STIG | Date |
| --- | --- |
| IBM DataPower Network Device Management Security Technical Implementation Guide | 2017-10-05 |
Details
Check Text (C-79677r1_chk)
Go to Objects >> Crypto Configuration >> Crypto Certificate (for certs) or Crypto Key (for keys) to verify that external keys/certs are present on the encrypted flash or FIPS 140-2 Level 3 HSM. If none exist, this is a finding.
Fix Text (F-71127r1_fix)
Go to Objects >> Crypto Configuration >> Crypto Certificate (for certs) or Crypto Key (for keys) to upload external keys/certs to the encrypted flash or FIPS 140-2 Level 3 HSM.