Rule ID
SV-240964r879885_rule
Version
V1R2
CCIs
Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Using certificates that were not issued or approved by DoD or CNSS creates an integrity risk. The vAMI must utilize approved DoD or CNSS Class 3 or Class 4 certificates for software signing and business-to-business transactions.
Interview the ISSO and/or the SA. Determine if the vAMI is using PKI Class 3 or Class 4 certificates. If the vAMI is using PKI Class 3 or Class 4 certificates, and the certificates are not DoD- or CNSS-approved, this is a finding.
If the vAMI is using PKI Class 3 or Class 4 certificates, install certificates that are DoD- or CNSS-approved.