800-53|IA-5(2)(d)

Title

PKI-BASED AUTHENTICATION

Description

Implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.UnixDISA STIG AIX 7.x v2r5
AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crlUnixDISA STIG Oracle JRE 8 Unix v1r3
JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl.lockedUnixDISA STIG Oracle JRE 8 Unix v1r3
JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.checkUnixDISA STIG Oracle JRE 8 Unix v1r3
JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.check.lockedUnixDISA STIG Oracle JRE 8 Unix v1r3
JRE8-WN-000150 - Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation - deployment.security.validation.crlWindowsDISA STIG Oracle JRE 8 Windows v2r1
JRE8-WN-000150 - Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation - deployment.security.validation.crl.lockedWindowsDISA STIG Oracle JRE 8 Windows v2r1
JRE8-WN-000160 - Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation - deployment.security.revocation.checkWindowsDISA STIG Oracle JRE 8 Windows v2r1
JRE8-WN-000160 - Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation - eployment.security.revocation.check.lockedWindowsDISA STIG Oracle JRE 8 Windows v2r1
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.UnixDISA Oracle Linux 8 STIG v1r2
SLES-12-030530 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.UnixDISA SLES 12 STIG v2r6
SLES-15-010170 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.UnixDISA SLES 15 STIG v1r6
SYMP-AG-000420 - Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.BlueCoatDISA Symantec ProxySG Benchmark ALG v1r3
UBTU-16-030830 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010425 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.UnixDISA STIG Ubuntu 18.04 LTS v2r7
UBTU-20-010066 - The Ubuntu operating system for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.UnixDISA STIG Ubuntu 20.04 LTS v1r4
WDNS-IA-000011 - The Windows 2012 DNS Server must implement a local cache of revocation data for PKIauthentication in the event revocation information via the network is not accessible.WindowsDISA Microsoft Windows 2012 Server DNS STIG v2r5