| AIX7-00-003004 - AIX SSH private host key files must have mode 0600 or less permissive. | DISA STIG AIX 7.x v2r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000360 - The Apache web server must be configured to use a specified IP address and port | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AS24-U1-000360 - The Apache web server must be configured to use a specified IP address and port | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| GEN005523 - The SSH private host key files must have mode 0600 or less permissive. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000360 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB - PEMKeyFile | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key - SSL_CLIENT_AUTHENTICATION | DISA STIG Oracle 11.2g v2r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA STIG Oracle 12c v2r9 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | DISA STIG PostgreSQL 9.x on RHEL OS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. | DISA STIG SQL Server 2016 Instance OS Audit v2r11 | Windows | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000060 - Default password for keystore must be changed. | DISA STIG Apache Tomcat Application Server 9 v2r6 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000060 - Default password for keystore must be changed. | DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000710 - Keystore file must be protected. | DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000007 - The Windows 2012 DNS Server key file must be owned by the account under which the Windows 2012 DNS Server service is run. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000008 - The Windows 2012 DNS Server permissions must be set so that the key file can only be read or modified by the account that runs the name server software. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000009 - The private key corresponding to the ZSK must only be stored on the name server that does support dynamic updates. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-SO-000350 - Windows Server 2019 users must be required to enter a password to access private keys stored on the computer. | DISA Windows Server 2019 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
