| 1.173 WN22-DC-000280 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.183 WN10-PK-000010 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000120 - The Cisco ASA must be configured to validate certificates via a trustpoint that identifies a DoD or DoD-approved certificate authority. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DTOO265 - Outlook - Warning about invalid signatures must be enforced. | DISA Microsoft Outlook 2010 STIG v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO267 - Outlook - Retrieving of CRL data must be set for online action. | DISA Microsoft Outlook 2010 STIG v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO268 - Outlook - Missing Root Certificates warning must be enforced. | DISA Microsoft Outlook 2010 STIG v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000030 - Online revocation checks must be performed. | DISA STIG Edge v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000030 - Online revocation checks must be performed. | DISA Microsoft Edge STIG v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004500 - The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000232 - The F5 BIG-IP appliance must configure OCSP to ensure revoked user credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000233 - The F5 BIG-IP appliance must configure OCSP to ensure revoked machine credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-300052 - The F5 BIG-IP appliance must configure certification path validation to ensure revoked machine credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-300154 - The F5 BIG-IP appliance must configure certificate path validation to ensure revoked user credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-300056 - The F5 BIG-IP appliance must be configured to use DOD approved OCSP responders or CRLs to validate certificates used for PKI-based authentication. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000317 - The F5 BIG-IP appliance must configure OCSP to ensure revoked credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000016 - Firefox must have the DOD root certificates installed. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000016 - Firefox must have the DOD root certificates installed. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000016 - Firefox must have the DOD root certificates installed. | DISA STIG Mozilla Firefox Windows v6r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'ldapsslkeyf exists' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'Not Applicable' | DISA AIX 5.3 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'useSSL = yes' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'ldapsslkeyf exists' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'Not Applicable' | DISA AIX 5.3 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'useSSL = yes' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JRE8-UX-000100 - Oracle JRE 8 must set the option to enable online certificate validation - deployment.security.validation.ocsp | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JRE8-UX-000100 - Oracle JRE 8 must set the option to enable online certificate validation - deployment.security.validation.ocsp.locked | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004000 - MariaDB, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-004700 - The MySQL Database Server 8.0, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000480 - The Dell OS10 Switch must be configured to use DOD-approved OCSP responders or CRLs to validate certificates used for PKI-based authentication. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010090 - RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010060 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WINPK-000002 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-PK-000005 - The DoD Root CA certificates must be installed in the Trusted Root Store. | DISA Microsoft Windows 11 STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-PK-000010 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | DISA Microsoft Windows 11 STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000280 - Windows Server 2022 domain controllers must have a PKI server certificate. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000290 - Windows Server 2022 domain controller PKI certificates must be issued by the DOD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000300 - Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN25-DC-000280 - Windows Server 2025 domain controllers must have a PKI server certificate. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN25-DC-000290 - Windows Server 2025 domain Controller PKI certificates must be issued by the DOD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN25-DC-000300 - Windows Server 2025 PKI certificates associated with user accounts must be issued by a DOD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
