Detections
Analytics
WN22-DC-000290 - Windows Server 2022 domain controller PKI certificates must be issued by the DOD PKI or an approved External Certificate Authority (ECA).
Information
A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions. The use of multiple CAs from separate PKI implementations results in interoperability issues. If servers and clients do not have a common set of root CA certificates, they are not able to authenticate each other.Solution
Obtain a server certificate for the domain controller issued by the DOD PKI or an approved ECA.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2022_V2R8_STIG.zip
Item Details
Audit Name: DISA Microsoft Windows Server 2022 STIG v2r8
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(2)(a), CAT|I, CCI|CCI-000185, Rule-ID|SV-254413r1153446_rule, STIG-ID|WN22-DC-000290, Vuln-ID|V-254413
Plugin: Windows
Control ID: a7001d97b27d0766b7b7b4fcfc3a7039cb6cf07799faa1099cdd0f6459bfdfc2