IISW-SV-000129 - The IIS 8.5 web server must perform RFC 5280-compliant certification path validation.

Information

This check verifies the server certificate is actually a DoD-issued certificate used by the organization being reviewed. This is used to verify the authenticity of the website to the user. If the certificate is not issued by the DoD or if the certificate has expired, then there is no assurance the use of the certificate is valid. The entire purpose of using a certificate is, therefore, compromised.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Double-click the 'Server Certificate' icon.

Import a valid DoD certificate and remove any non-DoD certificates.
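The manual steps above can be backed by a script that reports what the check looks for: every certificate bound to an IIS HTTPS site, whether it builds an RFC 5280 chain, whether it has expired, and whether its root is an approved DoD root. This is an added example, not part of the STIG or the Tenable check; it assumes the WebAdministration module is installed with IIS, and the approved-root subject list is a placeholder to be replaced with the organization's own list.

```powershell
# Added example: audit IIS HTTPS bindings for DoD-issued, chain-valid, unexpired certificates.
Import-Module WebAdministration

# ASSUMPTION / placeholder: replace with the subject names of the organization's approved root CAs.
$ApprovedRoots = @('CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US')

function Test-IisServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # X509Chain.Build performs RFC 5280 path validation: signatures, validity period,
    # basic constraints and (with RevocationMode Online) revocation status.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode   = 'Online'
    $chain.ChainPolicy.VerificationFlags = 'NoFlag'
    $chainOk = $chain.Build($Cert)

    # The last element of the built chain is the trust anchor the path ended at.
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }
    $rootOk = ($null -ne $root) -and ($ApprovedRoots -contains $root.Subject)

    [pscustomobject]@{
        Thumbprint   = $Cert.Thumbprint
        Subject      = $Cert.Subject
        NotAfter     = $Cert.NotAfter
        Expired      = $Cert.NotAfter -lt (Get-Date)
        ChainValid   = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        RootSubject  = if ($root) { $root.Subject } else { '' }
        ApprovedRoot = $rootOk
        Compliant    = $chainOk -and $rootOk
    }
}

# Only HTTPS bindings carry a certificate hash; resolve each one in the store it names.
Get-WebBinding -Protocol https | ForEach-Object {
    $store = if ($_.certificateStoreName) { $_.certificateStoreName } else { 'My' }
    $cert  = Get-Item "Cert:\LocalMachine\$store\$($_.certificateHash)" -ErrorAction SilentlyContinue
    if ($cert) {
        Test-IisServerCertificate -Cert $cert
    } else {
        Write-Warning "Binding $($_.bindingInformation) references a missing certificate $($_.certificateHash)"
    }
} | Format-Table -AutoSize
```

Any row with Compliant set to False is a finding for this check; the ChainStatus column shows which RFC 5280 condition failed (for example NotTimeValid or UntrustedRoot).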

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M10_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Rule-ID|SV-214415r879612_rule, STIG-ID|IISW-SV-000129, STIG-Legacy|SV-91411, STIG-Legacy|V-76715, Vuln-ID|V-214415

Plugin: Windows

Control ID: d98e657ff0094052fb049ea0e1d061503d5e73ebb75009b06fd8a5eebbcdb5be