An error occurred:

Check: WINPK-000001

Windows 2003 DC STIG: WINPK-000001 (in version v6 r40)

Title

The DoD Root Certificate must be installed. (Cat II impact)

Discussion

To ensure secure DoD websites and DoD signed code are properly validated, the system must trust the DoD Root CA 2. The DOD root certificate will ensure that the trust chain is established for server certificates issued from the DOD CA.

Check Content

Fix Text

Install the DoD Root CA 2 certificate. The InstallRoot tool is available on IASE at http://iase.disa.mil/pki-pke/function_pages/tools.html.

Additional Identifiers

Rule ID: SV-42592r3_rule

Vulnerability ID: V-32272

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000185

For public key-based authentication, validate certificates by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.
CCI-002470

Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5(2)

Pki-based Authentication
SC-23(5)

Allowed Certificate Authorities