STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.

DISA Rule

SV-204811r508029_rule

Vulnerability Number

V-204811

Group Title

SRG-APP-000427

Rule Version

SRG-APP-000427-AS-000264

Severity

CAT II

CCI(s)

• CCI-002470 - The information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Weight

10

Fix Recommendation

Configure the application server to allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.

Check Contents

Review the application server documentation and configuration to determine if the application server only allows the use of DoD PKI-established certificate authorities.

If the application server allows other certificate authorities for verification, this is a finding.

Vulnerability Number

V-204811

Documentable

False

Rule Version

SRG-APP-000427-AS-000264

Severity Override Guidance

Review the application server documentation and configuration to determine if the application server only allows the use of DoD PKI-established certificate authorities.

If the application server allows other certificate authorities for verification, this is a finding.

Check Content Reference

M

Target Key

2900

Comments