The operating system must employ PKI solutions at workstations, servers, or mobile computing devices on the network to create, manage, distribute, use, store, and revoke digital certificates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216229 | SOL-11.1-090115 | SV-216229r959010_rule | CCI-000366 | medium |
| Description | ||||
| Without the use of PKI systems to manage digital certificates, the operating system or other system components may be unable to securely communicate on a network or reliably verify the identity of a user via digital signatures. | ||||
| STIG | Date | |||
| Solaris 11 X86 Security Technical Implementation Guide | 2025-05-05 | |||
Details
Check Text (C-216229r959010_chk)
The operator will ensure that a DoD approved PKI system is installed, configured, and properly operating. Ask the operator to document the PKI software installation and configuration.
If the operator is not able to provide a documented configuration for an installed PKI system or if the PKI system is not properly configured, maintained, or used, this is a finding.
Fix Text (F-17465r373070_fix)
The operator will ensure that a DoD approved PKI software is installed and operating continuously.