SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Information

For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Assign an appropriately signed certificate to the management interface.

1. Log on to the Web Management Console.
2. Click Configuration >> SSL >> Keyrings.
3. Click 'Create', provide a name and bit size, click 'OK'.
4. Select the newly created keyring, click 'Edit'.
5. Click 'Create' under 'Certificate Signing Request' and enter the appropriate information, click 'OK', click 'Close', click 'Apply'.
6. Select the newly created keyring, click 'Edit'.
7. Copy the text in the 'Certificate Signing Request' field and submit to your appropriate Certificate Authority.
8. Once the certificate has been issued, paste it into the 'Certificate' field, click 'Close', click 'Apply'.
9. Click Services >> Management Services, click on 'HTTPS-Console', click 'Edit'.
10. Change the 'Keyring' value to the newly created keyring, click 'OK', click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SYM_ProxySG_Y20M04_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6b., 800-53|SC-17, CAT|II, CCI|CCI-000366, CCI|CCI-001159, Rule-ID|SV-104521r1_rule, STIG-ID|SYMP-NM-000200, Vuln-ID|V-94691

Plugin: BlueCoat

Control ID: 4176eef3e606d6d33b8412dd5e760e36dbbba03a757f67d0774010c1d2b91cd0