Rule ID
SV-242257r961863_rule
Version
V2R3
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
In the SMS client, ensure the certificate is signed by an authorized DoD Certificate Authority. Select Admin >> Certificate Management >> Certificates. If there is no certificate, or the certificate is signed by a CA that is not authorized in the DoD, this is a finding.
In the SMS client, ensure the certificate is signed by an authorized DoD Certificate Authority. 1. Select Admin >> Certificate Management >> Certificates. 2. Select import. 3. The SMS can import a certificate with a private key file separately, or can import a PKCS12/PFX file. The user can use OpenSSL on a separate system to generate the certificate signing request (CSR) or can use the CSR generation tool on the SMS under Admin, Certificate Management, Signing Requests. The CSR must ensure the following attributes are added to the CSR if using the SMS tool: 2048 RSA key size and a DNS Subject Alternative Name (SAN) - if required.