Detections
Analytics
WN22-DC-000300 - Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA).
Information
A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions.Satisfies: SRG-OS-000066-GPOS-00034, SRG-OS-000403-GPOS-00182
Solution
Map user accounts to PKI certificates using the appropriate User Principal Name (UPN) for the network. See PKE documentation for details.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2022_V2R8_STIG.zip
Item Details
Audit Name: DISA Microsoft Windows Server 2022 STIG v2r8
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(2)(a), CAT|I, CCI|CCI-000185, Rule-ID|SV-254414r958448_rule, STIG-ID|WN22-DC-000300, Vuln-ID|V-254414
Plugin: Windows
Control ID: 9e59b5fb33242aac56dbdf799741222053f06f63b89abb964d6e7bdac3aeda2e