I suggest you ...

Self-signed certificates on each managed computer should be removed as it hinders environments where a STIG disallows self-signed certs

The requirement for self-signed certificates (used for data encryption) on each managed computer should be addressed, as it complicates management of environments where a STIG disallows self-signed certs. Also, a public (external) official MS whitepaper should be made available which states that these certs should not be altered or replaced, with reasons why, or a method provided to replace them if this is supported.

7 votes
Robert Avritt shared this idea

1 comment

  • Robert Avritt commented

    Per DoD Instruction 8520.02
    –DoD shall only rely on certificates that are issued by the DoD PKI or by a DoD approved PKI for authentication, digital signature, or encryption.
