Skip to content

The TippingPoint SMS must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

An XCCDF Rule

Description

<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-242257r961863_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

In the SMS client, ensure the certificate is signed by an authorized DoD Certificate Authority. 

1. Select Admin >> Certificate Management >> Certificates.
2. Select import. 
3. The SMS can import a certificate with a private key file separately, or can import a PKCS12/PFX file. The user can use OpenSSL on a separate system to generate the certificate signing request (CSR) or can use the CSR generation tool on the SMS under Admin, Certificate Management, Signing Requests. The CSR must ensure the following attributes are added to the CSR if using the SMS tool: 2048 RSA key size and a DNS Subject Alternative Name (SAN) - if required.