Use externally signed certificates
Summary
The organization must use certificates signed by valid external certification authorities when these are for external applications.
Description
Using externally signed certificates refers to obtaining digital certificates for your web servers, applications, or other network services from a trusted Certificate Authority (CA) outside of an organization. External CAs are third-party entities that are widely recognized and trusted by web browsers and other software.
References
- CAPEC-94. Adversary in the middle (AiTM)
- CMMC-AC_L1-3_1_20. External connections
- HITRUST-01_j. User authentication for external connections
- PTES-7_4_2_7. Post exploitation - Pillaging (certificate authority)
- OSAMM-OM. Operational Management
- ASVS-9_2_1. Server communication security
- CASA-9_2_1. Server Communication Security
Weaknesses
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan