STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

DISA Rule

SV-77477r1_rule

Vulnerability Number

V-62987

Group Title

SRG-APP-000516-NDM-000344

Rule Version

RICX-DM-000138

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to use public key certificates from an appropriate certificate policy through an approved service provider.

Navigate to the device Management Console
Navigate to Configure >> Optimization >> Certificate Authorities
Click "Add a New Certificate Authority"
Select "Local File" and "Browse"
Navigate to your local DoD CA Root Certificates and select a certificate
Click "Add"
Repeat Click "Add a New Certificate Authority" down to Click "Add" for each DoD Root Certificate

Navigate to the top of the web page and click "Save" to save these settings permanently

Check Contents

Verify that RiOS is configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Navigate to the device Management Console
Navigate to Configure >> Optimization >> Certificate Authorities
Verify that DoD Root Certificates are listed on this page

If no DoD Root CA Certificates are listed on this page, this is a finding.

Vulnerability Number

V-62987

Documentable

False

Rule Version

RICX-DM-000138

Severity Override Guidance

Verify that RiOS is configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Navigate to the device Management Console
Navigate to Configure >> Optimization >> Certificate Authorities
Verify that DoD Root Certificates are listed on this page

If no DoD Root CA Certificates are listed on this page, this is a finding.

Check Content Reference

M

Target Key

2931

Comments