Check: CYLN-OP-000835
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000835 (in version v1 r1)
Title
CylanceON-PREM must be configured with a DOD issued certificate (or another authorizing official [AO]-approved certificate). (Cat II impact)
Discussion
The DOD will only accept PKI certificates obtained from a DOD-approved internal or external certificate authority. Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of TLS certificates. This requirement focuses on communications protection for the CylanceON-PREM session rather than for the network packet. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and Service-Oriented Architectures (SOAs). Using a trusted access credential reduces the risk of unauthorized access.
Satisfies: SRG-APP-000391, SRG-APP-000175, SRG-APP-000392, SRG-APP-000402, SRG-APP-000403, SRG-APP-000427
Check Content
Verify Certificate-Based Authentication Settings. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find Certificate-Based Authentication.
4. Click "Edit" to open the configuration.
If Certificate-Based Authentication is not enabled, this is a finding.
If the certificate is not a DOD-issued certificate (or other AO-approved certificate), this is a finding.
Fix Text
Configure Certificate-Based Authentication Settings. Administrator privileges are required.
1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find Certificate-Based Authentication.
4. Click "Edit" to open the configuration.
5. Turn on the Certificate-Based Authentication setting.
6. Click "Add Certificate".
7. Browse for the file or drag and drop the file to upload it. (Note: The certificate must be a DOD-issued certificate or other AO-approved certificate.)
8. Click "Upload Certificate".
9. Click the green check to save changes.
Additional Identifiers
Rule ID: SV-272639r1113556_rule
Vulnerability ID: V-272639
Group Title: SRG-APP-000391
CCIs
| Number | Definition |
|---|---|
| CCI-000185 | For public key-based authentication, validate certificates by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information. |
| CCI-001953 | Accept Personal Identity Verification-compliant credentials. |
| CCI-001954 | Electronically verify Personal Identity Verification-compliant credentials. |
| CCI-002009 | Accept Personal Identity Verification-compliant credentials from other federal agencies. |
| CCI-002010 | Electronically verify Personal Identity Verification-compliant credentials from other federal agencies. |
| CCI-002470 | Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions. |