STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Palo Alto Networks NDM Security Technical Implementation Guide

V-228674

CAT II (Medium)

The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates.

Rule ID

SV-228674r961863_rule

STIG

Palo Alto Networks NDM Security Technical Implementation Guide

Version

V3R3

CCIs

CCI-000366CCI-001159

Discussion

DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling mandates that certificates must be issued by the DoD PKI or by a DoD-approved PKI for authentication, digital signature, or encryption.

Check Content

Go to Device >> Certificate Management >> Certificates
Installed Certificates are listed in the "Device Certificates" tab.
If any of the have the name or identifier of a non-approved source in the "Issuer" field, this is a finding.

Fix Text

Obtain a Device Certificate from the DoD PKI or from a DoD-approved PKI:
Go to Device >> Certificate Management >> Certificates
Select "Import" (at the bottom of the pane). 
In the "Import Certificate" pane, complete each field.
Select "OK".