Rule ID
SV-251027r1028193_rule
Version
V3R1
CCIs
A certificate's certification path is the path from the end entity certificate to a trusted root certification authority (CA). Certification path validation is necessary for a relying party to make an informed decision regarding acceptance of an end entity certificate. Certification path validation includes checks such as certificate issuer trust, time validity and revocation status for each certificate in the certification path. Revocation status information for CA and subject certificates in a certification path is commonly provided via certificate revocation lists (CRLs) or online certificate status protocol (OCSP) responses.
The Sentry is configured with TLS by default. The Sentry enables TLS 1.2 by default. To check the status:
1. Log in to Sentry.
2. Go to Settings >> Services >> Sentry.
3. For each of the following configurations, follow step 4:
a. Incoming SSL configuration
b. Outgoing SSL configuration
c. UEM SSL configuration
d. Access SSL configuration
4. In Protocols, verify TLS 1.2 is enabled.
If TLS 1.2 is not enabled for each configuration, this is a finding.
For more information, go to the "Sentry 9.8.0 Guide for Core" and refer to the main section "Standalone Sentry Settings", which includes subsections on how TLS 1.2 is set as the default protocol:
1. Incoming SSL configuration
2. Outgoing SSL configuration
3. UEM SSL configuration
4. Access SSL configuration
Sentry conforms to the NIST SP 800-52 TLS settings by setting TLS 1.2 by default.The Sentry is configured with TLS by default. To configure the Sentry with TLS 1.2:
1. Log in to Sentry.
2. Go to Settings >> Services >> Sentry.
3. Select each of the configurations listed below and follow steps 4 and 5:
a. Incoming SSL configuration
b. Outgoing SSL configuration
c. UEM SSL Configuration
d. Access SSL Configuration
4. In protocols, make TLS 1.2 enabled.
5. Apply the configuration and click "Save" in the top right corner.