The application server must use DOD- or CNSS-approved PKI Class 3 or Class 4 certificates.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-204832 | SRG-APP-000514 | SRG-APP-000514-AS-000137 | SV-204832r1137585_rule | 2025-09-10 | 4 |
Description
Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DOD or CNS creates an integrity risk. The application server must utilize approved DOD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions.
This requirement also applies to Zero Trust initiatives.
ℹ️ Check
Review the application server configuration to determine if the application server utilizes approved PKI Class 3 or Class 4 certificates.
If the application server is not configured to use approved DOD or CNS certificates, this is a finding.
✔️ Fix
Configure the application server to use DOD- or CNSS-approved Class 3 or Class 4 PKI certificates.