STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product, when using PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

DISA Rule

SV-82889r1_rule

Vulnerability Number

V-68399

Group Title

SRG-APP-000175-MFP-000242

Rule Version

SRG-APP-000175-MFP-000242

Severity

CAT II

CCI(s)

• CCI-000185 - The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.

Weight

10

Fix Recommendation

Configure the Mainframe Product account management settings to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor when using PKI-based authentication.

Check Contents

If the Mainframe Product uses an external security manager (ESM) for all account management, this is not applicable.

Examine user account management configurations.

If the Mainframe Product account management is not configured to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor when using PKI-based authentication, this is a finding.

Vulnerability Number

V-68399

Documentable

False

Rule Version

SRG-APP-000175-MFP-000242

Severity Override Guidance

If the Mainframe Product uses an external security manager (ESM) for all account management, this is not applicable.

Examine user account management configurations.

If the Mainframe Product account management is not configured to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor when using PKI-based authentication, this is a finding.

Check Content Reference

M

Target Key

3061

Comments