Ensuring the system obtains approved public key certificates
Rule Title: RiOS must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
STIG ID: RICX-DM-000138
Rule ID: SV-77477r1_rule
Severity: CAT II
Vuln ID: V-62987
Class: Unclass
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
Verifying the system obtains approved public key certificates
Verify that RiOS is configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
1. Connect to the Management Console.
2. Choose Optimization > SSL: Certificate Authorities to display the Certificate Authorities page.
3. Verify that DoD Root Certificates are listed on this page. If no DoD Root CA Certificates are listed on this page, this is a security vulnerability finding.
Configuring the system to obtain approved public key certificates
Configure RiOS to use public key certificates from an appropriate certificate policy through an approved service provider.
1. Connect to the Management Console.
2. Choose Optimization > SSL: Certificate Authorities to display the Certificate Authorities page.
3. Click Add a New Certificate Authority to expand the page.
4. Select Local File and click Browse.
5. Navigate to your local DoD CA Root Certificates and select a certificate.
6. Click Add.
7. Repeat Step 3 through Step 6 to add all the remaining DoD CA Root Certificates.
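Before uploading the files in Step 4 through Step 6, each one can be checked on the administrator's workstation to confirm it really is a root CA certificate. The script below is an added example, not part of the STIG or of RiOS; it assumes the `openssl` command-line tool is installed and the certificates are PEM files, and the function name `check_root_ca` is hypothetical.

```sh
#!/bin/sh
# Added example: pre-import check for files that will be uploaded as root CAs.
# Prints "<SHA-256 fingerprint>  <file>" and returns 0 only when the file is a
# self-signed, unexpired certificate with basicConstraints CA:TRUE.
check_root_ca() {
    f=$1
    # 1. The file must parse as a PEM X.509 certificate.
    openssl x509 -in "$f" -noout 2>/dev/null ||
        { echo "REJECT $f: not a PEM certificate" >&2; return 1; }
    # 2. A root is self-issued: subject and issuer names hash identically.
    subj=$(openssl x509 -in "$f" -noout -subject_hash)
    iss=$(openssl x509 -in "$f" -noout -issuer_hash)
    [ "$subj" = "$iss" ] ||
        { echo "REJECT $f: issuer differs from subject (not a root)" >&2; return 2; }
    # 3. It must be marked as a CA, otherwise it cannot anchor a chain.
    openssl x509 -in "$f" -noout -text | grep -q 'CA:TRUE' ||
        { echo "REJECT $f: basicConstraints is not CA:TRUE" >&2; return 3; }
    # 4. It must not already be expired.
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null ||
        { echo "REJECT $f: certificate has expired" >&2; return 4; }
    # 5. The self-signature must verify under the certificate's own key.
    openssl verify -check_ss_sig -CAfile "$f" "$f" >/dev/null 2>&1 ||
        { echo "REJECT $f: self-signature does not verify" >&2; return 5; }
    # Print the fingerprint so it can be compared by eye with the value
    # published by the source the certificate was obtained from.
    fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -d= -f2)
    echo "$fp  $f"
}

# Usage: sh check_roots.sh /path/to/certs/*.pem  (script name is an assumption)
status=0
for f in "$@"; do
    check_root_ca "$f" || status=1
done
[ "$#" -eq 0 ] || exit "$status"
```

Passing these checks only shows the file is a well-formed root; trust still rests on matching the printed fingerprint against the one published by the approved service provider.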