Check: CACI-ND-000007
Cisco ACI NDM STIG, version v1 r2
Title
The Cisco ACI must obtain its public key certificates from an appropriate certificate policy through an approved service provider. (Cat II impact)
Discussion
After the Cisco ACI is initialized, it uses a self-signed certificate as the SSL certificate for HTTPS. This self-signed certificate is neither appropriate nor approved for use in DOD.
Check Content
From the GUI menu bar:
1. Navigate to Admin >> AAA >> Security >> Certificate Authorities.
2. Verify the Issuer is an approved CA.
If the Cisco ACI does not obtain its public key certificates from an approved certificate policy through an approved service provider, this is a finding.
Fix Text
From the GUI menu bar:
1. Navigate to Admin >> AAA >> Security >> Certificate Authorities.
2. Complete the form to configure the CA root certificate.
3. Click "Submit".
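Step 2 of the check (is the Issuer an approved CA?) can also be applied to a certificate exported from the APIC and parsed locally. The following Go program is an added example, not part of the STIG or of Cisco's tooling: it flags the self-signed default described in the Discussion (issuer identical to subject) and any issuer outside a hypothetical approved-CA allow-list, using test certificates that are constructed in the program rather than taken from a real APIC.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IssuerFinding returns "" when cert's issuer is an approved CA, otherwise a one-line description of the finding.
func IssuerFinding(cert *x509.Certificate, approved map[string]bool) string {
	// Issuer identical to subject means self-signed: the post-initialization default and always a finding.
	if bytes.Equal(cert.RawIssuer, cert.RawSubject) {
		return "self-signed certificate in use"
	}
	if !approved[cert.Issuer.CommonName] {
		return fmt.Sprintf("issuer %q is not an approved CA", cert.Issuer.CommonName)
	}
	return ""
}

// makeCert builds a constructed test certificate (not from a real APIC); a nil parent yields a self-signed one.
func makeCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, isCA bool) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:                  isCA, BasicConstraintsValid: true,
	}
	if parent == nil { parent, parentKey = tmpl, key } // self-signed: sign with its own key
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	approved := map[string]bool{"DOD ID CA-EXAMPLE": true}       // hypothetical allow-list of approved issuer CNs
	selfSigned, _ := makeCert("apic1.example", nil, nil, false)  // the state the Discussion describes
	ca, caKey := makeCert("DOD ID CA-EXAMPLE", nil, nil, true)   // constructed stand-in for an approved CA
	issued, _ := makeCert("apic1.example", ca, caKey, false)
	fmt.Println("self-signed:", IssuerFinding(selfSigned, approved)) // finding
	fmt.Println("CA-issued:", IssuerFinding(issued, approved))       // empty: passes
}
```

Issuer-equals-subject is the usual signature of a self-signed certificate; a certificate chaining to a CA that is not on the allow-list is reported as a separate finding so the two causes can be told apart.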
Additional Identifiers
Rule ID: SV-271922r1168360_rule
Vulnerability ID: V-271922
Group Title: SRG-APP-000516-NDM-000344
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001159 | Issue public key certificates under an organization-defined certificate policy or obtain public key certificates from an approved service provider. |
Controls
| Number | Title |
|---|---|
| SC-17 | Public Key Infrastructure Certificates |