Check: SRG-OS-000384-GPOS-00167
General Purpose Operating System SRG:
SRG-OS-000384-GPOS-00167
(in versions v3 r1 through v1 r6)
Title
The operating system, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. (Cat II impact)
Discussion
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
Check Content
Verify the operating system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If it does not, this is a finding.
Fix Text
Configure the operating system, for PKI-based authentication, to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
Additional Identifiers
Rule ID: SV-203734r982217_rule
Vulnerability ID: V-203734
Group Title: SRG-OS-000384
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001991 |
The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network. |
CCI-004068 |
For public key-based authentication, implement a local cache of revocation data to support path discovery and validation. |
Controls
Number | Title |
---|---|
IA-5(2) |
Pki-based Authentication |