The DoD Root CA certificates must be installed in the Trusted Root Store.

An XCCDF Rule

Description

<VulnDiscussion>To ensure secure DoD websites and DoD-signed code are properly validated, the system must trust the DoD Root Certificate Authorities (CAs). The DoD root certificates will ensure that the trust chain is established for server certificates issued from the DoD CAs.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253427r958448_rule
Severity: Medium
References: CCI-000185
Updated: 17 days ago

Install the DoD Root CA certificates.
DoD Root CA 3
DoD Root CA 4
DoD Root CA 5                                               
DoD Root CA 6
The InstallRoot tool is available on Cyber Exchange at https://cyber.mil/pki-pke/tools-configuration-files. PKI can be found at https://crl.gds.disa.mil/.

The DoD Root CA certificates must be installed in the Trusted Root Store.

Description

Remediation - Manual Procedure