From 401f3211a9ba3942271420dd9b3115bb2b663eaf Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Tue, 15 Nov 2016 11:44:48 -0600
Subject: [PATCH] [Docs] Exception for PKI revocation

This control affects a very small subset of users and should be
implemented manually since it affects critical PKI-related
services.

Implements: blueprint security-rhel7-stig
Change-Id: Ia68771602154adea7840d0ccf8be7b6b8d1923c2
---
 doc/metadata/rhel7/RHEL-07-040230.rst | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/doc/metadata/rhel7/RHEL-07-040230.rst b/doc/metadata/rhel7/RHEL-07-040230.rst
index c35cfa35..8d300424 100644
--- a/doc/metadata/rhel7/RHEL-07-040230.rst
+++ b/doc/metadata/rhel7/RHEL-07-040230.rst
@@ -1,7 +1,17 @@
 ---
 id: RHEL-07-040230
-status: not implemented
+status: exception - manual intervention
 tag: misc
 ---
 
-This STIG requirement is not yet implemented.
+This control applies only to systems that run PKI services, such as the
+`FreeIPA <https://www.freeipa.org/page/Main_Page>`_ project or the
+`Red Hat Identity Management <https://access.redhat.com/products/identity-management>`_
+product. Deployers should carefully review the requirements for this control
+before making any changes.
+
+.. warning::
+
+    Changing revocation settings might cause certain systems or users to lose
+    access to critical servers. Always test these configuration changes in a
+    non-production environment first.