The Cisco ACI must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Overview

Finding ID: V-271922
Version: CACI-ND-000007
Rule ID: SV-271922r1168360_rule
IA Controls: CCI-001159
Severity: medium

Description
After the Cisco ACI is initialized, it uses the self-signed certificate as the SSL certificate for HTTPS. This self-signed certificate is neither appropriate nor approved for use in DOD.

STIG: Cisco ACI NDM Security Technical Implementation Guide
Date: 2025-12-11

Details

Check Text (C-271922r1168360_chk)

From the GUI menu bar:
1. Navigate to Admin >> AAA >> Security >> Certificate Authorities.
2. Verify the Issuer is an approved CA.

If the Cisco ACI does not obtain its public key certificates from an approved certificate policy through an approved service provider, this is a finding.
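
The issuer check above can also be run against a PEM copy of the certificate the device presents. The following is an added example, not part of the STIG: it flags a certificate that is self-signed or does not chain to an approved CA bundle. The CA name, host name and file paths are constructed samples, and the bundle stands in for whatever CA bundle is approved in your environment.

```shell
#!/usr/bin/env bash
# Added example: flag a device certificate that is self-signed or does not
# chain to an approved CA. All names and paths below are constructed samples.

# Print the issuer / subject DN of a PEM certificate in RFC 2253 form.
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
cert_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

# check_cert CERT APPROVED_BUNDLE
# Returns 0 if compliant, 1 if self-signed, 2 if the chain does not verify.
check_cert() {
    local cert=$1 bundle=$2
    # Issuer DN equal to subject DN means the certificate was issued to itself.
    if [ "$(cert_issuer "$cert")" = "$(cert_subject "$cert")" ]; then
        echo "FINDING: self-signed ($(cert_subject "$cert"))"; return 1
    fi
    # A matching issuer name is not enough: the signature must verify too.
    if ! openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        echo "FINDING: does not chain to approved bundle ($(cert_issuer "$cert"))"; return 2
    fi
    echo "OK: issued by $(cert_issuer "$cert")"
}

# Build constructed sample material in DIR: a stand-in approved root CA, a
# leaf it signed, and a self-signed leaf like a freshly initialized device's.
make_samples() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Approved Root CA" \
        -keyout "$d/ca.key" -out "$d/approved-ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=apic1.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/approved-ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signed.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=apic1.example.test" \
        -keyout "$d/self.key" -out "$d/selfsigned.pem" 2>/dev/null
}

demo() {
    local d; d=$(mktemp -d)
    make_samples "$d"
    check_cert "$d/signed.pem"     "$d/approved-ca.pem" || true
    check_cert "$d/selfsigned.pem" "$d/approved-ca.pem" || true
    rm -rf "$d"
}
demo
```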

Fix Text (F-75879r1168359_fix)

From the GUI menu bar:
1. Navigate to Admin >> AAA >> Security >> Certificate Authorities.
2. Complete the form to configure CA root certificate.
3. Click "Submit".