The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-63583 | WN10-PK-000010 | SV-78073r2_rule | Medium |
| Description |
|---|
| To ensure secure websites protected with External Certificate Authority (ECA) server certificates are properly validated, the system must trust the ECA Root CAs. The ECA root certificates will ensure the trust chain is established for server certificates issued from the External CAs. This requirement only applies to unclassified systems. |
| STIG | Date |
|---|---|
| Windows 10 Security Technical Implementation Guide | 2016-10-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-76981r2_fix) |
|---|
| Install the ECA Root CA certificates on unclassified systems. ECA Root CA 2 ECA Root CA 4 The InstallRoot tool is available on IASE at http://iase.disa.mil/pki-pke/Pages/tools.aspx. |