CCI-002008

The organization, for PKI-based authentication, employs a deliberate organization-wide methodology for managing the content of PKI trust stores installed across all platforms including networks, operating systems, browsers, and applications.

Implementation Guidance

DoD trust store management requirements are defined in information system components’ applicable STIGs and SRGs. All information systems are required to undergo a STIG compliance review as part of their certification and accreditation process prior to being granted an authority to operate. DoD Components are automatically compliant with this CCI because they are covered by the DoD-level STIGs and SRGs.

Validation Procedures

DoD trust store management requirements are defined in information system components’ applicable STIGs and SRGs. All information systems are required to undergo a STIG compliance review as part of their certification and accreditation process prior to being granted an authority to operate. DoD Components are automatically compliant with this CCI because they are covered by the DoD-level STIGs and SRGs.

Compelling Evidence

Automatically Compliant

The controls below (if any) were marked by NIST as being related to CCI-002008.