STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.


V-269740

CAT II (Medium)

Xylok Security Suite must use a valid DOD-issued certification.

Rule ID

SV-269740r1054081_rule

STIG

Xylok Security Suite 20.x Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

Without the use of a certificate validation process, the site is vulnerable to accepting certificates that have expired or have been revoked. This would allow unauthorized individuals access to the web server. This also defeats the purpose of the multi-factor authentication provided by the PKI process.

Check Content

Verify the Xylok Security Suite is using a valid DOD-issued certification with the following command:

$ openssl x509 -noout -text -in /opt/xylok/certs/cert.crt
Certificate:
   Data:
      Version: 3 (0x2)
      Serial Number: 1 (0x1)
      Signature Algorithm: sha256WithRSAEncryption
      Issuer: C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD Root CA 3
      Validity
         Not Before: Mar 20 18:46:41 2012 GMT
         Not After : Dec 30 18:46:41 2029 GMT
      Subject: C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD Root CA 3
      Subject Public Key Info:
         Public Key Algorithm: rsaEncryption

If the Issuer is not an approved authority, this is a finding.
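The check above is a manual read of the openssl output. As an added example (not part of the STIG, of STIGhub, or of Xylok's own tooling), the Python below parses that `openssl x509 -noout -text` output and applies the conditions the rule text and discussion name: an issuer that is not an approved authority is a finding, and a certificate outside its validity window is a finding. The approved-issuer list, the second (constructed) sample certificate, and the `run_openssl` helper are assumptions; the first sample is the output quoted on this page, which is a CA certificate whose Subject equals its Issuer, so the script reports that as a note for the reviewer rather than as a finding.

```python
"""Evaluate V-269740 from `openssl x509 -noout -text` output.

Added example, not STIG or STIGhub content. The approved-issuer list,
the run_openssl helper and the second sample below are assumptions.
"""
import re
import subprocess
from datetime import datetime, timezone

# Sample 1: the openssl output quoted in the check content on this page.
SAMPLE_OPENSSL_TEXT = """Certificate:
   Data:
      Version: 3 (0x2)
      Serial Number: 1 (0x1)
      Signature Algorithm: sha256WithRSAEncryption
      Issuer: C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD Root CA 3
      Validity
         Not Before: Mar 20 18:46:41 2012 GMT
         Not After : Dec 30 18:46:41 2029 GMT
      Subject: C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD Root CA 3
      Subject Public Key Info:
         Public Key Algorithm: rsaEncryption
"""

# Sample 2: constructed. An unapproved, self-signed and expired certificate.
UNAPPROVED_EXPIRED_TEXT = """Certificate:
   Data:
      Version: 3 (0x2)
      Serial Number: 4096 (0x1000)
      Signature Algorithm: sha256WithRSAEncryption
      Issuer: C = US, O = Example Self-Signed, CN = xylok.example.internal
      Validity
         Not Before: Jan  1 00:00:00 2020 GMT
         Not After : Jan  1 00:00:00 2021 GMT
      Subject: C = US, O = Example Self-Signed, CN = xylok.example.internal
"""

# Assumption: the site's list of approved issuing authorities, expressed as
# DN attributes that must all appear in the issuer DN. Populate from local policy.
APPROVED_ISSUERS = [
    {"O": "U.S. Government", "OU": "DoD", "CN": "DoD Root CA 3"},
]


def parse_dn(dn):
    """Split 'C = US, O = X, OU = A, OU = B, CN = Y' into {attr: [values]}.
    Plain comma splitting; DNs with escaped commas would need a real parser."""
    parts = {}
    for item in dn.split(","):
        key, _, value = item.partition("=")
        parts.setdefault(key.strip(), []).append(value.strip())
    return parts


def parse_openssl_text(text):
    """Extract issuer, subject and validity window from `openssl x509 -text` output."""
    def field(name):
        m = re.search(r"^\s*" + re.escape(name) + r"\s*:\s*(.+)$", text, re.M)
        return m.group(1).strip() if m else None

    fmt = "%b %d %H:%M:%S %Y %Z"  # openssl prints e.g. 'Dec 30 18:46:41 2029 GMT'
    return {
        "issuer": parse_dn(field("Issuer")),
        "subject": parse_dn(field("Subject")),
        "not_before": datetime.strptime(field("Not Before"), fmt).replace(tzinfo=timezone.utc),
        "not_after": datetime.strptime(field("Not After"), fmt).replace(tzinfo=timezone.utc),
    }


def issuer_approved(issuer, approved=None):
    """True if every attribute of some approved entry is present in the issuer DN."""
    approved = APPROVED_ISSUERS if approved is None else approved
    return any(all(v in issuer.get(k, []) for k, v in entry.items()) for entry in approved)


def evaluate(text, now=None, approved=None):
    """Return {'status', 'findings', 'notes'} for one certificate's -text output.
    `now` may be None (current UTC time), a datetime, or an ISO 8601 string."""
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromisoformat(now)
    if now.tzinfo is None:
        now = now.replace(tzinfo=timezone.utc)

    cert = parse_openssl_text(text)
    findings, notes = [], []
    if not issuer_approved(cert["issuer"], approved):
        findings.append("issuer is not an approved authority")
    if now < cert["not_before"]:
        findings.append("certificate is not yet valid")
    if now > cert["not_after"]:
        findings.append("certificate has expired")
    if cert["issuer"] == cert["subject"]:
        # Subject == Issuer means a self-signed or CA certificate; the page's own
        # sample has this shape, so it is surfaced for review rather than failed.
        notes.append("subject equals issuer: confirm this is the intended server certificate")
    return {"status": "finding" if findings else "not a finding",
            "findings": findings, "notes": notes}


def run_openssl(path="/opt/xylok/certs/cert.crt"):
    """Assumed helper: run the command from the check content and return its output."""
    return subprocess.run(["openssl", "x509", "-noout", "-text", "-in", path],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    import sys
    text = run_openssl(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_OPENSSL_TEXT
    print(evaluate(text))
```

Run it with the certificate path as the only argument to evaluate the installed file; with no argument it evaluates the sample quoted on this page. The issuer match is deliberately attribute-based rather than a full-string comparison so that DN attribute ordering differences between tools do not cause false findings.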

Fix Text

1. Obtain a DOD root certificate authority (CA)-signed certificate for the domain, or generate a certificate using another approved provider.
2. Install the certificate in X.509 format at /opt/xylok/certs/cert.crt
3. Restart Xylok: systemctl restart xylok