Item Search

NameAudit NamePluginCategory
AADC-CL-000990 - Adobe Acrobat Pro DC Classic periodic downloading of Adobe European certificates must be disabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AADC-CN-000990 - Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AADC-CN-001320 - Adobe Acrobat Pro DC Continuous Periodic downloading of Adobe certificates must be disabled.DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ADBP-XI-000990 - Adobe Acrobat Pro XI periodic downloading of Adobe European certificates must be disabled.DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ADBP-XI-001320 - Adobe Acrobat Pro XI Periodic downloading of Adobe certificates must be disabled.DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ARDC-CL-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.DISA STIG Adobe Acrobat Reader DC Classic Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ARDC-CN-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W2-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA STIG Apache Server 2.4 Windows Site v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-008700 - DB2 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions - CAsDISA STIG IBM DB2 v10.5 LUW v2r1 DatabaseIBM_DB2DB

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-003920 - Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-003930 - Docker Trusted Registry (DTR) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI1075-IE11 - Prevent ignoring certificate errors option must be enabled.DISA STIG IE 11 v2r4Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EP11-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-06-300040 - The VMM must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

SYSTEM AND COMMUNICATIONS PROTECTION

F5BI-AP-000235 - The F5 BIG-IP appliance APM Access Policies that grant access to web application resources must allow only client certificates that have the User Persona Name (UPN) value in the User Persona Client Certificates.DISA F5 BIG-IP Access Policy Manager STIG v2r3F5

SYSTEM AND COMMUNICATIONS PROTECTION

IIST-SI-000241 - The IIS 10.0 website must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA IIS 10.0 Site v2r9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

JBOS-AS-000625 - JBoss must be configured to use DoD PKI-established certificate authorities for verification of the establishment of protected sessions.DISA RedHat JBoss EAP 6.3 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

MD4X-00-005800 - MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.DISA STIG MongoDB Enterprise Advanced 4.x v1r2 OSUnix

SYSTEM AND COMMUNICATIONS PROTECTION

MYS8-00-011900 - The MySQL Database Server 8.0 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.DISA Oracle MySQL 8.0 v1r4 OS LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000298 - OHS must have the LoadModule ossl_module directive enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000299 - OHS must have the SSLFIPS directive enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000300 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) - SSLEngineDISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000300 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) - SSLProtocolDISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000300 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) - SSLWalletDISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000301 - OHS must have the SSLCipherSuite directive enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000302 - OHS must have the SSLVerifyClient directive enabled to only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000303 - OHS must use wallets that have only DoD certificate authorities defined.DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-AG-000101 - The Palo Alto Networks security platform being used for TLS/SSL decryption using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certificate Authorities (CAs) for the establishment of protected sessions.DISA STIG Palo Alto ALG v2r3Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PGS9-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions - ssl_ca_fileDISA STIG PostgreSQL 9.x on RHEL DB v2r3PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

PGS9-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions - ssl_cert_fileDISA STIG PostgreSQL 9.x on RHEL DB v2r3PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

PPS9-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions - CAsEDB PostgreSQL Advanced Server OS Linux Audit v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

SPLK-CL-000040 - Splunk Enterprise must only allow the use of DoD-approved certificate authorities for cryptographic functions.DISA STIG Splunk Enterprise 7.x for Windows v2r4 REST APISplunk

SYSTEM AND COMMUNICATIONS PROTECTION

SPLK-CL-000450 - Splunk Enterprise must only allow the use of DoD-approved certificate authorities for cryptographic functions.DISA STIG Splunk Enterprise 8.x for Linux v1r5 STIG REST APISplunk

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000500 - If reverse proxy is used for validating and restricting certs from external entities, and this function is required by the SSP, Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-001430 - Certificates in the trust store must be issued/signed by an approved CA.DISA STIG Apache Tomcat Application Server 9 v2r6 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-20-010443 - The Ubuntu operating system must use DoD PKI-established certificate authorities for verification of the establishment of protected sessions.DISA STIG Ubuntu 20.04 LTS v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-20-010443 - The Ubuntu operating system must use DoD PKI-established certificate authorities for verification of the establishment of protected sessions.DISA STIG Ubuntu 20.04 LTS v1r7Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCSA-70-000195 - The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority.DISA STIG VMware vSphere 7.0 vCenter v1r2VMware

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001460 - The WebSphere Application Server personal certificates in all keystores must be issued by an approved DoD CA.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001460 - The WebSphere Application Server personal certificates in all keystores must be issued by an approved DoD CA.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001460 - The WebSphere Application Server personal certificates in all keystores must be issued by an approved DoD CA.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WDNS-SC-000022 - The Windows 2012 DNS Server must only allow the use of an approved DoD PKI-established certificate authorities for verification of the establishment of protected transactions.DISA Microsoft Windows 2012 Server DNS STIG v2r5Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WINPK-000001 - The DoD Root CA certificates must be installed in the Trusted Root Store.DISA Windows Vista STIG v6r41Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WINPK-000003 - The DoD Interoperability Root CA cross-certificates must be installed.DISA Windows Vista STIG v6r41Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WINPK-000004 - The US DoD CCEB Interoperability Root CA cross-certificate must be installed.DISA Windows Vista STIG v6r41Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WN11-PK-000015 - The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems - 1/2DISA Windows 11 STIG v1r5Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-PK-000020 - The US DoD CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems.DISA Windows 11 STIG v1r5Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN22-PK-000010 - Windows Server 2022 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root StoreDISA Windows Server 2022 STIG v1r4Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WN22-PK-000030 - Windows Server 2022 must have the US DoD CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems - 2/2DISA Windows Server 2022 STIG v1r4Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION