CCI|CCI-000185

Title

The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL	Unix	DISA STIG AIX 7.x v2r6
AOSX-12-000750 - The OS X system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.12 v1r6
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.13 v2r3
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.13 v2r1
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.14 v2r5
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.14 v2r1
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.15 v1r3
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.15 v1r5
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.15 v1r7
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r3
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r7
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r1
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r6
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 12 V1R2
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 12 v1r5
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 12 v1r7
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 12 v1r3
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 12 v1r4
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-13-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 13 v1r2
APPL-13-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 13 v1r1
APPL-13-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 13 v1r3
APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
APPNET0031 - Digital signatures assigned to strongly named assemblies must be verified.	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r4
APPNET0031 - Digital signatures assigned to strongly named assemblies must be verified.	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r1

Detections

Analytics

CCI|CCI-000185

Title

Reference Item Details

Audit Items