STIGQter STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.

DISA Rule

SV-219321r610963_rule

Vulnerability Number

V-219321

Group Title

SRG-OS-000403-GPOS-00182

Rule Version

UBTU-18-010436

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add at least one DOD certificate authority to the '/usr/local/share/ca-certificates' directory, then run the 'update-ca-certificates' command.

Check Contents

Verify the directory containing the root certificates for the Ubuntu operating system only contains certificate files for DoD PKI-established certificate authorities by iterating over all files in the '/etc/ssl/certs' directory and checking if, at least one, has the subject matching "DOD ROOT CA".

If none is found, this is a finding.

Vulnerability Number

V-219321

Documentable

False

Rule Version

UBTU-18-010436

Severity Override Guidance

Verify the directory containing the root certificates for the Ubuntu operating system only contains certificate files for DoD PKI-established certificate authorities by iterating over all files in the '/etc/ssl/certs' directory and checking if, at least one, has the subject matching "DOD ROOT CA".

If none is found, this is a finding.

Check Content Reference

M

Target Key

4055

Comments