The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates.

An XCCDF Rule

Description

DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, mandates that certificates must be issued by the DoD PKI or by a DoD-approved PKI for authentication, digital signature, or encryption.

Documentable: false

ID
SV-228674r513627_rule
Severity
Medium

Remediation - Manual Procedure

Obtain a Device Certificate from the DoD PKI or from a DoD-approved PKI:
Go to Device >> Certificate Management >> Certificates
Select "Import" (at the bottom of the pane). 
In the "Import Certificate" pane, complete each field.
Select "OK".