| ALMA-09-038850 - For PKI-based authentication, AlmaLinux OS 9 must enforce authorized access to the corresponding private key. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-038960 - AlmaLinux OS 9 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-001060 The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000120 - The Cisco ASA must be configured to validate certificates via a trustpoint that identifies a DoD or DoD-approved certificate authority. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DTBI365 - Checking for server certificate revocation must be enforced. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO265 - Outlook - Warning about invalid signatures must be enforced. | DISA STIG Office 2010 Outlook v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO268 - Outlook - Missing Root Certificates warning must be enforced. | DISA STIG Office 2010 Outlook v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000030 - Online revocation checks must be performed. | DISA STIG Edge v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004500 - The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004700 - The DBMS must map the PKI-authenticated identity to an associated user account. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000016 - Firefox must have the DOD root certificates installed. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'Not Applicable' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'useSSL = yes' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JRE8-UX-000100 - Oracle JRE 8 must set the option to enable online certificate validation - deployment.security.validation.ocsp.locked | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl.locked | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.check | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004100 - MariaDB must enforce authorized access to all PKI private keys stored/used by the DBMS. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004200 - MariaDB must map PKI ID to an associated user account. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-003100 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-004200 MongoDB must map the PKI-authenticated identity to an associated user account. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-004700 - The MySQL Database Server 8.0, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015200 - Oracle Database, when using public key infrastructure (PKI)-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Database 19c STIG v1r1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015200 - Oracle Database, when using public key infrastructure (PKI)-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Database 19c STIG v1r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020090 - OL 8 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000905 - OL 9, for PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010090 - RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010100 - RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611190 - RHEL 9, for PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000420 - Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010022 - Ubuntu 20.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-254030 - Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-612040 - Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-70-000017 - VAMI must protect the keystore from unauthorized access - MIME that invoke OS shell programs disabled. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-67-000014 - VMware Postgres must enforce authorized access to all PKI private keys. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-70-000012 - VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000280 - Windows Server 2022 domain controllers must have a PKI server certificate. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-SO-000350 - Windows Server 2022 users must be required to enter a password to access private keys stored on the computer. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
