| AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer | DISA STIG AIX 7.x v2r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple macOS 12 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPNET0031 - Digital signatures assigned to strongly named assemblies must be verified. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| APPNET0046 - The Trust Providers Software Publishing State must be set to 0x23C00. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| APPNET0048 - Developer certificates used with the .NET Publisher Membership Condition must be approved by the ISSO. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| APPNET0063 - .NET must be configured to validate strong names on full-trust assemblies. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AS24-W1-000380 - The Apache web server must perform RFC 5280-compliant certification path validation. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AS24-W2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation - SSLVerifyClient | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI018-IE11 - Check for publishers certificate revocation must be enforced. | DISA STIG IE 11 v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTBI365-IE11 - Checking for server certificate revocation must be enforced. | DISA STIG IE 11 v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO267 - Retrieving of CRL data must be set for online action. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label' | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - If the system is using LDAP for authentication or account information, certificates used to authenticate to the LDAP server must be provided from DoD PKI or a DoD-approved external PKI - 'manual cert check' | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - If the system is using LDAP for authentication or account information, certificates used to authenticate to the LDAP server must be provided from DoD PKI or a DoD-approved external PKI - 'tls_cert' | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - If the system is using LDAP for authentication or account information, the LDAP TLS connection must require the server provide a certificate with a valid trust path to a trusted CA. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label' | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008040 - If the system is using LDAP for authentication or account information, the system must verify the LDAP servers certificate has not been revoked. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| IIST-SV-000129 - The IIS 10.0 web server must perform RFC 5280-compliant certification path validation. | DISA IIS 10.0 Server v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| IISW-SV-000129 - The IIS 8.5 web server must perform RFC 5280-compliant certification path validation. | DISA IIS 8.5 Server v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015300 - The DBMS, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - SSL_CLIENT_AUTHENTICATION | DISA STIG Oracle 11.2g v2r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O365-OU-000013 - Outlook must be configured to allow retrieving of Certificate Revocation Lists (CRLs) always when online. | DISA STIG Microsoft Office 365 ProPlus v2r11 | Windows | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000246 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to perform RFC 5280-compliant certification path validation - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000246 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to perform RFC 5280-compliant certification path validation - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000247 - OHS must have the SSLCipherSuite directive enabled to perform RFC 5280-compliant certification path validation. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000248 - OHS must have the SSLVerifyClient directive set within each SSL-enabled VirtualHost directive to perform RFC 5280-compliant certification path validation. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000250 - OHS must have SSLCARevocationPath and SSLCRLCheck directives within each SSL-enabled VirtualHost directive set to perform RFC 5280-compliant certification path validation when using multiple certification revocation - SSLCARevocationPath | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000172 - Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - Secure Listen Port | Oracle WebLogic Server 12c Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000172 - Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - Secure Listen Port | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000172 - Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - Secure Listen Port | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000172 - Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - Unsecure Listen Port | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WINPK-000003 - The DoD Interoperability Root CA cross-certificates must be installed. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WINPK-000004 - The US DoD CCEB Interoperability Root CA cross-certificate must be installed. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-PK-000010 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | DISA Windows 10 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-DC-000290 - Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Windows Server 2016 STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-DC-000300 - PKI certificates associated with user accounts must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Windows Server 2016 STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-PK-000010 - Windows Server 2022 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store | DISA Windows Server 2022 STIG v1r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-PK-000030 - Windows Server 2022 must have the US DoD CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems - 2/2 | DISA Windows Server 2022 STIG v1r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
