
IATS-1 Token and Certificate Standards


Overview

Identification and authentication is accomplished using the DoD PKI Class 3 certificate and hardware security token (when available).

MAC / CONF: MACIII
Impact: Medium
Subject Area: Identification and Authentication

Details

Threat
DoD PKI and KMI software Tokens are required to counter the following threats:
 
  · Logical attack
  · Control of access
  · Unanticipated interactions
  · Cryptographic functions
  · Miscellaneous threats

Guidance
1. The DoD will provide for a certificate management infrastructure yielding a capability to verify the identity, authority and integrity involved in each transaction.
2. The system administrators shall protect the workstations and the cryptographic module from unauthorized access or modification via the following at a minimum:
  · Access control list
  · Configuration management
  · Physical protection
3. The system administrators shall ensure that all applications are Common Criteria evaluated and Joint Interoperability Testing Command certified.
4. The system administrators shall configure workstations with the appropriate security technical implementation guidance and implement the IAVA process into configuration management practices in accordance with the security policy.

References

  • Department of Defense (DoD) Public Key Infrastructure (PKI) Token Protection Profile (Medium Robustness), Version 2, Release 1 of the “Common Criteria” International Standard 15408
  • Smart Card Security User Group Smart Card Protection Profile (SCSUG-SCPP) Draft Version 2
  • DISA IAVA Process Handbook, Version 2, Release 1, 11 June 2002
  • FIPS 140-2 Level 2, FIPS 140-2 Level 3