Update for 12-01-22 01:15
This commit is contained in:
parent
ed51a092c7
commit
f6fbc391de
@ -78,4 +78,8 @@ This is the CIA list of dos and donts.
|
||||
* Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA
|
||||
- Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits)
|
||||
* Authentication via TLS 1.2 *must* include the use of certs by both parties
|
||||
* Authentication via TLS 1.2 *must* validate the cert
|
||||
* Authentication via TLS 1.2 *must* validate the cert utlized by both parties.
|
||||
If the cert is invalid, they should terminate the connection. This guidance
|
||||
referes to the inner cryptosctream which may be masked by HTTPS, this doesn
|
||||
no apply to the outer stream
|
||||
* Tools must support unique certs and CAs for network auth for each deployment
|
||||
|
Loading…
Reference in New Issue
Block a user