The private web server must use an approved DoD certificate validation process.
An XCCDF Rule
Description
Without the use of a certificate validation process, the site is vulnerable to accepting certificates that have expired or have been revoked. This would allow unauthorized individuals access to the web server. This also defeats the purpose of the multi-factor authentication provided by the PKI process.
| Property | Value |
|---|---|
| Responsibility | System Administrator |
- ID
- SV-33065r2_rule
- Version
- WG145 W22
- Severity
- Medium
- Updated
Remediation Templates
A Manual Procedure
Configure DoD Private Web Servers to conduct certificate revocation checking utilizing certificate revocation lists (CRLs) or Online Certificate Status Protocol (OCSP).