CUI

Documentation - V-222551

V-222551

Application Security and Development Security Technical Implementation Guide

CAT I

Title

The application, when using PKI-based authentication, must enforce authorized access to the corresponding private key.

Description

If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key used to encrypt or digitally sign information. If the private key is stolen, this will lead to the compromise of the authentication and non-repudiation gained through PKI because the attacker can use the private key to digitally sign documents and pretend to be the authorized user. Both ...

Fix Text (Documentation Requirement)

Configure the application or relevant access control mechanism to enforce authorized access to the application private key(s).
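
One way to verify the fix when the private key is stored as a file on a POSIX host, shown as an added example that is not part of the STIG. The function name `audit_private_key`, its `stop_at` parameter, and the policy it checks (owner-only file mode, parent directories not writable by other accounts) are assumptions chosen for illustration.

```python
import os
import stat


def audit_private_key(path, expected_uid, stop_at="/"):
    """Return findings for a private key file; an empty list means it passed.

    Assumed policy (not taken from the STIG text): the key is a regular file
    owned by the application's service account with no group/other permission
    bits, and each parent directory up to stop_at is owned by that account or
    root and is not group/other-writable unless the sticky bit is set.
    """
    st = os.lstat(path)  # lstat: never follow a symlink standing in for the key
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file (symlink or special file)"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    # A writable parent lets another account replace or rename the key file,
    # even when the file's own mode is correct.
    stop_at = os.path.abspath(stop_at)
    parent = os.path.dirname(os.path.abspath(path))
    while True:
        pst = os.stat(parent)
        if pst.st_uid not in (0, expected_uid):
            findings.append(f"{parent}: directory owned by uid {pst.st_uid}")
        loose = pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if loose and not pst.st_mode & stat.S_ISVTX:
            findings.append(f"{parent}: directory is group/other-writable")
        up = os.path.dirname(parent)
        if parent == stop_at or up == parent:
            break
        parent = up
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed demo: a placeholder file created world-readable on purpose.
    demo_dir = tempfile.mkdtemp()
    demo_key = os.path.join(demo_dir, "app-key.pem")
    with open(demo_key, "w") as fh:
        fh.write("placeholder, not a real key\n")
    os.chmod(demo_key, 0o644)
    print(audit_private_key(demo_key, os.getuid(), stop_at=demo_dir))
```

Keys held in an HSM, a platform key store, or a secrets manager need the equivalent check against that system's access policy rather than file modes.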
