AOSX-14-003002 - The macOS system must enable certificate for smartcards.

Information

To prevent untrusted certificates the certificates on a smartcard card must be valid in these ways: its issuer is system-trusted, the certificate is not expired, its 'valid-after' date is in the past, and it passes CRL and OCSP checking.

Solution

This setting is enforced using the 'Smart Card Policy' configuration profile.

Note: Before applying the 'Smart Card Policy', the supplemental guidance provided with the STIG should be consulted to ensure continued access to the operating system.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-14_V2R6_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(b), CAT|II, CCI|CCI-000186, Rule-ID|SV-209614r610285_rule, STIG-ID|AOSX-14-003002, STIG-Legacy|SV-105097, STIG-Legacy|V-95959, Vuln-ID|V-209614

Plugin: Unix

Control ID: 252a299ea9c2e5d98feab5fbc1623e26bb70835079b08e4fc1b3d35949bc55c8