The Riverbed NetProfiler must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-256094 | RINP-DM-000061 | SV-256094r882790_rule | Medium |
| Description |
|---|
| For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this certification authority will suffice. |
| STIG | Date |
|---|---|
| Riverbed NetProfiler Security Technical Implementation Guide | 2023-01-11 |
Details
| Check Text ( C-59768r882788_chk ) |
|---|
| Go to Configuration >> Appliance Security >> Encryption Key Management. Under the "Local Credentials" tab, look for the "Apache SSL certificate". Under the "Action" column, click the drop-down menu and select "View Certificate". Verify the Privacy Enhanced Mail (PEM) format for the certificate and key match the certification authority-provided certificate and the certificate is signed by a DOD-approved certificate authority. If this is not true, this is a finding. |
| Fix Text (F-59711r882789_fix) |
|---|
| Go to Configuration >> Appliance Security >> Encryption Key Management. Under the "Local Credentials" tab, look for the "Apache SSL certificate". Under the "Action" column, click the drop-down menu and select "Change Key/Cert". Paste the private key and certificate in PEM format and click "Save". Restart the web browser to avoid connection errors. |