An error occurred:

Check: SYMP-NM-000200

Symantec ProxySG NDM STIG: SYMP-NM-000200 (in versions v1 r2 through v1 r1)

Title

Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. (Cat II impact)

Discussion

For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.

Check Content

Verify all management certificates are issued by an appropriate certificate authority. 1. Log on to the Web Management Console. 2. Click Services >> Management Services, click on HTTPS-Console and click "Edit". 3. Note the name of the "keyring" assigned. 4. Click Configuration >> SSL >> Keyrings. 5. Select the keyring that was noted above, click "View Certificate". 6. Confirm that the certificate is issued by the appropriate certificate authority. If Symantec ProxySG does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.

Fix Text

Assign an appropriately signed certificate to the management interface. 1. Log on to the Web Management Console. 2. Click Configuration >> SSL >> Keyrings. 3. Click "Create", provide a name and bit size, click "OK". 4. Select the newly created keyring, click "Edit". 5. Click "Create" under "Certificate Signing Request" and enter the appropriate information, click "OK", click "Close", click "Apply". 6. Select the newly created keyring, click "Edit". 7. Copy the text in the "Certificate Signing Request" field and submit to your appropriate Certificate Authority. 8. Once the certificate has been issued, paste it into the "Certificate" field, click "Close", click "Apply". 9. Click Services >> Management Services, click on "HTTPS-Console", click "Edit". 10. Change the "Keyring" value to the newly created keyring, click "OK", click "Apply".

Additional Identifiers

Rule ID: SV-104521r1_rule

Vulnerability ID: V-94691

Group Title: SRG-APP-000516-NDM-000344

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.
CCI-001159

Issue public key certificates under an organization-defined certificate policy or obtain public key certificates from an approved service provider.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings
SC-17

Public Key Infrastructure Certificates