Firefox must have the DOD root certificates installed.
An XCCDF Rule
Description
<VulnDiscussion>The DOD root certificates will ensure that the trust chain is established for server certificates issued from the DOD Certificate Authority (CA).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251560r918133_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Install the DOD root certificates. Other AO-approved certificates may also be used. Certificates designed for SIPRNet may be used as appropriate.
On Windows, import certificates from the operating system by using Certificates >> Import Enterprise Roots (Certificates) via policy or Group Policy Object (GPO).