The Nokia router must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-283787NOKI-ND-000920SV-283787r1203406_ruleCCI-000366medium
Description
The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can be used to detect weaknesses in security that enable the network Information Assurance team to find and address these weaknesses before breaches can occur. Reviewing these logs, whether before or after a security breach, is important in showing whether someone is an internal employee or outside threat.
STIGDate
Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide2026-06-15

Details

Check Text (C-283787r1203406_chk)

Determine if the Nokia router obtains public key certificates from an appropriate certificate policy through an approved service provider. Use the command below for certificate-authority profile information: - show certificate ca-profile Max Cert Chain Depth: 7 (default) Certificate Display Format: 1 ASCII CA Profile CA Profile Admin Oper Cert File CRL File State State CA0 up up CA1-00cert.der CA1-00crl.der CA1 up up CA1-01cert.der CA1-01crl.der CA2 up up CA1-02cert.der CA1-02crl.der CA3 up up CA1-03cert.der CA1-03crl.der CA4 up up CA1-04cert.der CA1-04crl.der CA5 up up rsa_sha512_1024_0cert.d* rsa_sha512_1024_0crl.der CA6 up up rsa_sha512_1024_1cert.d* rsa_sha512_1024_1crl.der CA7 up up rsa_sha512_1024_2cert.d* rsa_sha512_1024_2crl.der CA8 up up rsa_sha512_1024_3cert.d* rsa_sha512_1024_3crl.der CA9 up up rsa_sha512_1024_4cert.d* rsa_sha512_1024_4crl.der CA10 up up rsa_sha512_1024_5cert.d* rsa_sha512_1024_5crl.der CA11 up up rsa_sha384_1024_0cert.d* rsa_sha384_1024_0crl.der CA12 up up rsa_sha384_1024_1cert.d* rsa_sha384_1024_1crl.der CA13 up up rsa_sha384_1024_2cert.d* rsa_sha384_1024_2crl.der CA14 up up rsa_sha384_1024_3cert.d* rsa_sha384_1024_3crl.der CA15 up up rsa_sha384_1024_4cert.d* rsa_sha384_1024_4crl.der CA16 up up rsa_sha384_1024_5cert.d* rsa_sha384_1024_5crl.der CMPv2 up up rsaCMPv2cert.der rsaCMPv2CRL.der Entries found: 18 If the Nokia router does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.

Fix Text (F-88257r1203405_fix)

Configure the Nokia router to obtain its public key certificates from an appropriate certificate policy through an approved service provider. Generate a key pair using the command below: - admin certificate gen-keypair Generate a PKCS#10 certificate signing request with the key generated in the previous step (optionally an FQDN or IP address can be specified): - admin certificate gen-local-cert-req keypair <url-string> subject-dn <subject-dn> file <url-string> Import the key file: - admin certificate import type z,type> input <url-string> output <file name> format <format> Import the resulting certificate: - admin certificate import