PANW-NM-000141 - The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling mandates that certificates must be issued by the DoD PKI or by a DoD-approved PKI for authentication, digital signature, or encryption.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Obtain a Device Certificate from the DoD PKI or from a DoD-approved PKI:
Go to Device >> Certificate Management >> Certificates
Select 'Import' (at the bottom of the pane).
In the 'Import Certificate' pane, complete each field.
Select 'OK'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PAN_Y24M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, CCI|CCI-001159, Rule-ID|SV-228674r961863_rule, STIG-ID|PANW-NM-000141, STIG-Legacy|SV-77267, STIG-Legacy|V-62777, Vuln-ID|V-228674

Plugin: Palo_Alto

Control ID: 9186486122fca630518c32193ba8a409738dac08e7ddc3376003ea44041c4cb7