The DBN-6300 must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

An XCCDF Rule

Description

<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice. Self-signed certificates are not allowed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-91719r1_rule
Severity: Medium
References: CCI-000366 CCI-001159
Updated: about 1 year ago

Verify that the Public Key Certificate is installed and has been obtained from an appropriate certificate policy through an approved service provider.

Set the trusted-ca variable within the DBN-6300 through the CLI.

This value is set with the following registry entry in the CLI:
Reg set /sysconfig/tls/trustedcas EOF
(enter/paste certificate here)
EOF

The DBN-6300 must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Description

Remediation - Manual Procedure