Detections
Analytics
WN25-DC-000300 - Windows Server 2025 PKI certificates associated with user accounts must be issued by a DOD PKI or an approved External Certificate Authority (ECA).
Information
A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions.Satisfies: SRG-OS-000066-GPOS-00034, SRG-OS-000403-GPOS-00182
Solution
Map user accounts to PKI certificates using the appropriate UPN for the network. Refer to the PKE documentation for details.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2025_V1R1_STIG.zip
Item Details
Audit Name: DISA Microsoft Windows Server 2025 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(2)(a), CAT|I, CCI|CCI-000185, Rule-ID|SV-278161r1182128_rule, STIG-ID|WN25-DC-000300, Vuln-ID|V-278161
Plugin: Windows
Control ID: 953e446f74fd4ad835b70ffeed29ffe06497bd11e40aaee0cfa84e0714b15434