| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10 Ensure Web Tier ELB have the latest SSL Security Policies configured | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13 Ensure App Tier ELB have the latest SSL Security Policies configured | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Cisco ASA NDM v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'ldapsslkeyf exists' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'ldapsslkeyf exists' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: HTTPS Server requires SSL policy | TNS Huawei VRP Best Practice Audit | Huawei | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted CA certificate on the pool | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted certificate in place of the default self-signed SSL certificate | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-020400 - Oracle Database must include only approved trust anchors in trust stores or certificate stores managed by the organization. | DISA Oracle Database 19c STIG v1r5 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-020400 - Oracle Database must include only approved trust anchors in trust stores or certificate stores managed by the organization. | DISA Oracle Database 19c STIG v1r3 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-020400 - Oracle Database must include only approved trust anchors in trust stores or certificate stores managed by the organization. | DISA Oracle Database 19c STIG v1r3 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-020400 - Oracle Database must include only approved trust anchors in trust stores or certificate stores managed by the organization. | DISA Oracle Database 19c STIG v1r5 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Web Interface - Does not use self-signed cert | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
