General Cyber Exchange Announcements

DoD Cloud Cyberspace Protection Guide

DISA has released the DoD Cloud Cyberspace Protection Guide dated 16 Oct 2017 which is available here.

SRGs/STIGs Announcements

Solaris 11 X86 V1R18 STIG

DISA has released the Solaris 11 X86 V1R18 STIG. The requirements of the STIG become effective immediately.

The manual STIG file has been updated to accurately reflect changes noted in the July Revision History document.

The STIG is available from https://public.cyber.mil/stigs/downloads/.

Oracle Database 12c STIG - Ver 1, Rel 14

DISA has released the following STIGs. The requirements of the STIGs become effective immediately:
Oracle Database 12c STIG – Ver 1, Rel 14

Customers who have a CAC that has DoD Certificates can obtain the STIG at https://public.cyber.mil/stigs/downloads/.

PKI/PKE Announcements

Updated WCF PKI CA Certificates Bundle (PKCS#7) v5.6

The latest WCF PKI CA Certificates Bundle (PKCS#7) v5.6 has been updated to include WCF Signing CAs 1-10.

DoD PKE InstallRoot and CRLAutoCache Configuration Files Have Moved!

The DISA-hosted files used to provide automatic configuration information and updates to InstallRoot and CRLAutoCache for Windows and Linux on unclassified systems have moved from the decommissioned IASE web site to the Global Directory Service (GDS) at https://crl.gds.disa.mil/pke.  Any instances of these tools running on unclassified systems and utilizing the default DISA-hosted configuration files must be reconfigured to point to the new hosting locations for the configuration files.

Relocated files include:

  • CRLDP files used by CRLAutoCache for Windows and Linux, formerly hosted at:

https://iase.disa.mil/pki-pke/data/crls/[file-name]

https://iasecontent.disa.mil/pki-pke/data/crls/[file-name]

  • DNLookUpTable files used by CRLAutoCache for Windows, formerly hosted at:

https://iase.disa.mil/pki-pke/data/crls/[file-name]

https://iasecontent.disa.mil/pki-pke/[file-name]

  • .ir4 files used by InstallRoot, formerly hosted at:

https://iase.disa.mil/pki-pke/data/ir4/[file-name]

https://iasecontent.disa.mil/pki-pke/data/ir4/[file-name]

These files are now available at https://crl.gds.disa.mil/pke/config/[file-name] .  The file names themselves remain unchanged.  A complete listing mapping the former IASE file locations to the new GDS file locations is available here.

CRLAutoCache for Windows – See the Editing CRLAutoCache Source Locations guide for instructions on updating URLs for both CRLDP and DNLookUpTable files.

CRLAutoCache for Linux – Search for and update the URL values for the following within CRLAutoCache_Linux.sh:

DoDCRLdistributionURL

ECACRLdistributionURL

FedPKICRLdistributionURL

InstallRoot

For individual installation modifications, see the Editing Certificate Group Locations for InstallRoot via the GUI guide.

For enterprise deployment modifications, the registry key values can be updated via GPO.  Target HKCU or HKLM based on the context within the tool is configured to run.  Substitute the specific version number being run in the environment (e.g. 5.3) for 5.X, and include a separate entry for each group managed by the tool (DoD, ECA, JITC and/or WCF).

Within [HKLM or HKCU]\SOFTWARE\DoD-PKE\InstallRoot\5.X\Groups\[Group_Name], update the URL Multi-String value to the new GDS URL (e.g. https://crl.gds.disa.mil/pke/config/DoD.ir4 for the DoD group).