CCI-000185
CCI-000185 Definition
Status | |
Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
The information system performing hardware token-based authentication must be configured to validate DoD-approved PKI credentials in accordance with RFC 5280. The information system must be configured to perform a revocation check as part of the certificate validation process. Revocation checking may be performed using certificate revocation lists (CRLs) published by the issuing PKI or Online Certificate Status Protocol (OCSP) services. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 185.
Validation Procedures
The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed has configured the information system to validate DoD-approved PKI credentials in accordance with RFC 5280. The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed has configured the information system to perform a revocation check as part of the certificate validation process. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 185.
Compelling Evidence
1.) Signed and dated SOP/TTP documenting the use of validated DoD-approved PKI credentials in accordance with RFC 5280
2.) Applicable STIG/SRG checks