20.53 Ensure 'PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA)' (STIG DC only)

Information

This policy setting ensures that Public Key Infrastructure (PKI) certificates associated with user accounts are issued by a DoD PKI or an approved External Certificate Authority (ECA).

Certificates that are not issued by an authorized Certificate Authority (CA) have limited value in authentication functions.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Map the user account to PKI certificates using the appropriate User Principal Name (UPN) for the network. See PKE documentation for details.

Impact:

None

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-23(5)

Plugin: Windows

Control ID: 867c49fc223e604204ff16431fc92787f5b9c1bbbcb4f9976a98cc1e997e7fb4