CCI|CCI-000186

Title

For public key-based authentication, enforce authorized access to the corresponding private key.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.11 VCLD-80-000040UnixCIS VMware vSphere 8.0 vCenter Appliance Management Interface VAMI STIG v1.0.0 CAT II
1.12 OL08-00-010100UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.33 SQLI-22-008700WindowsCIS Microsoft SQL Server 2022 Instance STIG v1.0.0 CAT I Windows
1.35 MADB-10-004100UnixCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT I Unix
1.57 APPL-26-001150UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT I
1.59 APPL-14-001150UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I
1.71 AZLX-23-001315UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.72 O19C-00-015200UnixCIS Oracle Database 19c STIG v1.1.0 CAT I Unix
1.72 O19C-00-015200WindowsCIS Oracle Database 19c STIG v1.1.0 CAT I Windows
1.123 APPL-26-003020UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT II
1.124 APPL-14-003020UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.170 OL09-00-000905UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.240 WN16-SO-000420WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.240 WN16-SO-000420WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.242 WN19-SO-000350WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.242 WN19-SO-000350WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.242 WN22-SO-000350WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.242 WN22-SO-000350WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.303 ALMA-09-038850UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.345 RHEL-09-611190UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.395 RHEL-10-701240UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
AIX7-00-003004 - AIX SSH private host key files must have mode 0600 or less permissive.UnixDISA IBM AIX 7.x STIG v3r2
ALMA-09-038850 - For PKI-based authentication, AlmaLinux OS 9 must enforce authorized access to the corresponding private key.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
AOSX-13-067035 - The macOS system must enable certificate for smartcards.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003002 - The macOS system must enable certificate for smartcards.UnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-14-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 15 Sequoia STIG v1r7
APPL-15-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 15 Sequoia STIG v1r7
APPL-26-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 26 Tahoe STIG v1r2
APPL-26-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 26 Tahoe STIG v1r2
APPNET0052 - Encryption keys used for the .NET Strong Name Membership Condition must be protected.WindowsDISA Microsoft DotNet Framework 4.0 STIG v2r8
AS24-U1-000360 - The Apache web server must be configured to use a specified IP address and port.UnixDISA STIG Apache Server 2.4 Unix Server v3r2
AS24-U1-000360 - The Apache web server must be configured to use a specified IP address and port.UnixDISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.UnixDISA STIG Apache Server 2.4 Unix Site v2r6
AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.UnixDISA STIG Apache Server 2.4 Unix Site v2r6 Middleware
AS24-W2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.WindowsDISA Apache Server 2.4 Windows Site STIG v2r3
AZLX-23-001315 - Amazon Linux 2023, for PKI-based authentication, must enforce authorized access to the corresponding private key.UnixDISA Amazon Linux 2023 STIG v1r3
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
BIND-9X-001140 - The BIND 9.x server private key corresponding to the zone-signing key (ZSK) pair must be the only DNSSEC key kept on a name server that supports dynamic updates.UnixDISA BIND 9.x STIG v3r2
BIND-9X-001150 - The BIND 9.x server signature generation using the key signing key (KSK) must be done offline, using the KSK-private key stored offline.UnixDISA BIND 9.x STIG v3r2
BIND-9X-001180 - The read and write access to a TSIG key file used by a BIND 9.x server must be restricted to only the account that runs the name server software.UnixDISA BIND 9.x STIG v3r2
BIND-9X-001190 - A unique TSIG key used by a BIND 9.x server must be generated for each pair of communicating hosts.UnixDISA BIND 9.x STIG v3r2
BIND-9X-001200 - The TSIG keys used with the BIND 9.x implementation must be owned by a privileged account.UnixDISA BIND 9.x STIG v3r2
BIND-9X-001210 - The TSIG keys used with the BIND 9.x implementation must be group owned by a privileged account.UnixDISA BIND 9.x STIG v3r2
CD12-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD16-00-004100 - PostgreSQL must enforce authorized access to all PKI private keys stored/used by PostgreSQL.PostgreSQLDBDISA Crunchy Data Postgres 16 STIG v1r2 PostgreSQLDB