Free DISA STIG and SRG Library | Vaulted

V-56797

The operating system, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

Finding ID
SRG-OS-000384-GPOS-00167
Rule ID
SV-71057r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000384-GPOS-00167
CCI
CCI-001991
Target Key
(None)
Documentable
No
Discussion

Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).

Fix Text

Configure the operating system, for PKI-based authentication, to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

Check Content

Verify the operating system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If it does not, this is a finding.