Check: SRG-APP-000516-NDM-000344
Network Device Management SRG:
SRG-APP-000516-NDM-000344
(in versions v4 r3 through v2 r7)
Title
The network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. (Cat II impact)
Discussion
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
Check Content
Determine if the network device obtains public key certificates from an appropriate certificate policy through an approved service provider. If the network device does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.
Fix Text
Configure the network device to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Additional Identifiers
Rule ID: SV-202139r879887_rule
Vulnerability ID: V-202139
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001159 |
The organization issues public key certificates under an organization-defined certificate policy or obtains public key certificates from an approved service provider. |