Windows OS: Must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store

d070ac89-35b5-44c1-a417-154e3d8e35be

To ensure secure DoD websites and DoD-signed code are properly validated, the system must trust the DoD Root CAs. The DoD root certificates will ensure that the trust chain is established for server certificates issued from the DoD CAs.

Remediation

Install the DoD Root CA certificates:

DoD Root CA 2
DoD Root CA 3
DoD Root CA 4
DoD Root CA 5

Certificate installer available in

https://public.cyber.mil/pki-pke/end-users/getting-started/#toggle-id-1
https://www.militarycac.com/dodcerts.htm

STIG
Server
2022: https://system32.eventsentry.com/stig/viewer/V-254442
2019: https://system32.eventsentry.com/stig/viewer/V-205648

Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253427
W10: https://system32.eventsentry.com/stig/viewer/V-220903

STIG SRG-OS-000066-GPOS-00034, SRG-OS-000403-GPOS-00182