An error occurred:

Check: WINPK-000003

Windows 2003 DC STIG: WINPK-000003 (in version v6 r40)

Title

The DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed. (Cat II impact)

Discussion

To ensure that users do not experience denial of service on NIPRNet when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2, the DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed in the Untrusted Certificate Store. This requirement only applies to NIPRNet systems.

Check Content

Fix Text

Install the DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate on NIPRNet systems only. The FBCA Cross-Certificate Remover tool is available on IASE at http://iase.disa.mil/pki-pke/function_pages/tools.html

Additional Identifiers

Rule ID: SV-42603r4_rule

Vulnerability ID: V-32274

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000185

For public key-based authentication, validate certificates by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.
CCI-002470

Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5(2)

Pki-based Authentication
SC-23(5)

Allowed Certificate Authorities