The Mission Owner of the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) must implement an encrypted, FIPS 140-2/3 compliant path between the implemented systems/applications and the DOD Online Certificate Status Protocol (OCSP) responders.
An XCCDF Rule
Description
The Mission Owner must use identity services, including an OCSP responder, for remote system DOD Common Access Card (CAC) two-factor authentication of DOD privileged (all Impact Levels) and/or nonprivileged users (Impact Levels 4–6) to systems instantiated within the cloud service environment.
- Documentable
- false
- ID
- SV-259870r945598_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
This applies to all Impact Levels.
FedRAMP Moderate, High.
Configure the IaaS/PaaS to implement an encrypted path that is FIPS 140-2/3 compliant between the implemented systems/applications and the DOD OCSP responders.