Navigate

Check: SRG-OS-000384-GPOS-00167

General Purpose Operating System SRG: SRG-OS-000384-GPOS-00167 (in versions v2 r7 through v1 r4)

Title

The operating system, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. (Cat II impact)

Discussion

Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).

Check Content

Verify the operating system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If it does not, this is a finding.

Fix Text

Configure the operating system, for PKI-based authentication, to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

Additional Identifiers

Rule ID: SV-203734r851805_rule

Vulnerability ID: V-203734

Group Title: SRG-OS-000384

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001991	The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-5 (2)	Pki-Based Authentication