Windows Server 2019 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store.

An XCCDF Rule

Details
Profiles

Description

To ensure secure DoD websites and DoD-signed code are properly validated, the system must trust the DoD Root CAs. The DoD root certificates will ensure that the trust chain is established for server certificates issued from the DoD CAs. Satisfies: SRG-OS-000066-GPOS-00034, SRG-OS-000403-GPOS-00182

ID: SV-205648r958448_rule
Version: WN19-PK-000010
Severity: Medium
References: CCI-000185 CCI-002470
Updated: 6 days ago

Remediation Templates

Install the DoD Root CA certificates:
DoD Root CA 3
DoD Root CA 4
DoD Root CA 5
DoD Root CA 6

The InstallRoot tool is available on Cyber Exchange at https://cyber.mil/pki-pke/tools-configuration-files. Certificate bundles published by the PKI can be found at https://crl.gds.disa.mil/.

Windows Server 2019 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store.

Description

Remediation Templates

A Manual Procedure