The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates.

An XCCDF Rule

Description

DoD Instruction 8520.02, "Public Key Infrastructure (PKI) and Public Key (PK) Enabling," mandates that certificates be issued by the DoD PKI or by a DoD-approved PKI for authentication, digital signature, or encryption.

ID: SV-228674r961863_rule
Version: PANW-NM-000141
Severity: Medium

Remediation Templates

A Manual Procedure

Obtain a Device Certificate from the DoD PKI or from a DoD-approved PKI:
Go to Device >> Certificate Management >> Certificates
Select "Import" (at the bottom of the pane). 
In the "Import Certificate" pane, complete each field.
Select "OK".