Check: WN12-GE-000025
Microsoft Windows Server 2012/2012 R2 Member Server STIG:
WN12-GE-000025
(in versions v3 r7 through v2 r7)
Title
The system must query the certification authority to determine whether a public key certificate has been revoked before accepting the certificate for authentication purposes. (Cat II impact)
Discussion
Failure to verify a certificate's revocation status can result in the system accepting a revoked, and therefore unauthorized, certificate. This could result in the installation of unauthorized software or a connection for rogue networks, depending on the use for which the certificate is intended. Querying for certificate revocation mitigates the risk that the system will accept an unauthorized certificate.
Check Content
Verify the system has software installed and running that provides certificate validation and revocation checking. If it does not, this is a finding.
Fix Text
Install software that provides certificate validation and revocation checking.
Additional Identifiers
Rule ID: SV-225436r877395_rule
Vulnerability ID: V-225436
Group Title: SRG-OS-000125-GPOS-00065
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |