| ALMA-09-038850 - For PKI-based authentication, AlmaLinux OS 9 must enforce authorized access to the corresponding private key. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000130 - The Cisco ASA must be configured to not accept certificates that have been revoked when using PKI for authentication. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000390 - The Cisco ASA remote access VPN server must be configured to use a separate authentication server than that used for administrative access. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000030 - Online revocation checks must be performed. | DISA STIG Edge v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000231 - The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000317 - The F5 BIG-IP appliance must configure OCSP to ensure revoked credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000016 - Firefox must have the DOD root certificates installed. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | IDENTIFICATION AND AUTHENTICATION |
| JRE8-UX-000100 - Oracle JRE 8 must set the option to enable online certificate validation - deployment.security.validation.ocsp | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004000 - MariaDB, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004100 - MariaDB must enforce authorized access to all PKI private keys stored/used by the DBMS. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-003200 - MongoDB must map the PKI-authenticated identity to an associated user account. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-004100 MongoDB must enforce authorized access to all PKI private keys stored/used by MongoDB. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-004800 - The MySQL Database Server 8.0 must enforce authorized access to all PKI private keys stored/utilized by the MySQL Database Server 8.0. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-004800 - The MySQL Database Server 8.0 must enforce authorized access to all PKI private keys stored/utilized by the MySQL Database Server 8.0. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015200 - Oracle Database, when using public key infrastructure (PKI)-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Database 19c STIG v1r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015300 - Oracle Database must map the authenticated identity to the user account using public key infrastructure (PKI)-based authentication. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000910 - OL 9 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010100 - RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020090 - RHEL 8 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-631015 - RHEL 9 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000410 - Symantec ProxySG, when configured for reverse proxy/WAF services and providing PKI-based user authentication intermediary services, must map the client certificate to the authentication server store. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010006 - The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010060 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-254030 - Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-612040 - Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400370 - Ubuntu 24.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400380 - Ubuntu 24.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCFL-67-000018 - vSphere Client must ensure appropriate permissions are set on the keystore. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-80-000040 The vCenter VAMI service must restrict access to the web server's private key. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCRP-67-000007 - The rhttpproxy private key file must be protected from unauthorized access. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCRP-70-000005 - The Envoy private key file must be protected from unauthorized access. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000280 - Windows Server 2022 domain controllers must have a PKI server certificate. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000290 - Windows Server 2022 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000300 - Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
