APPNET0048 - Developer certificates used with the .NET Publisher Membership Condition must be approved by the IAO.

Details

A .Net assembly will satisfy the Publisher Membership Condition if it is signed with a software publisher's Authenticode X.509v3 digital certificate that can be verified by the Windows operating system as having a chain of trust that leads to a trusted root certificate stored in the user's certificate store. The Publisher Membership Condition can be used to identify an organization, developer, vendor, or other entity as the ultimate source of the assembly, even if the code itself was obtained from a third party, such as a mirror site. Access to system resources, such as file systems or printers, may then be granted to the assembly based on the trust relationship with the identified entity.



Certificates used to sign assemblies so the Publisher Member Condition may be applied must originate from a trusted source. Using a certificate that is not from a trusted source could potentially violate system integrity and confidentiality.




Solution

Trust must be established when utilizing Publishers Membership Condition. All publishers' certificates must have documented approvals from the IAO.


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.


References


Source