CCI|CCI-000187

Title

For public key-based authentication, map the authenticated identity to the account of the individual or group.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.14 IBMW-LS-000390UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT I
1.17 IBMW-LS-000500UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT II
1.36 MADB-10-004200MySQLDBCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT II MySQLDB
1.67 AZLX-23-001295UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.71 SLES-15-020030UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.73 O19C-00-015300OracleDBCIS Oracle Database 19c STIG v1.1.0 CAT II OracleDB
1.93 UBTU-24-400370UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT I
1.108 UBTU-22-612040UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT I
1.124 APPL-26-003030UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT II
1.125 APPL-14-003030UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.165 OL08-00-020090UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.171 OL09-00-000910UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.304 ALMA-09-038960UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.349 RHEL-09-631015UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.399 RHEL-10-701280UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
ALMA-09-038960 - AlmaLinux OS 9 must map the authenticated identity to the user or group account for PKI-based authentication.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
AOSX-14-003005 - The macOS system must map the authenticated identity to the user or group account for PKI-based authentication.UnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.UnixDISA STIG Apple macOS 13 v1r5
APPL-14-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 15 Sequoia STIG v1r7
APPL-26-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 26 Tahoe STIG v1r2
ARBA-ND-000247 - AOS must be configured to use DOD public key infrastructure (PKI) as multifactor authentication (MFA) for interactive logins.ArubaOSDISA HPE Aruba Networking AOS NDM STIG v1r1
ARBA-VN-000490 - The VPN Gateway must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).ArubaOSDISA HPE Aruba Networking AOS VPN STIG v1r1
AZLX-23-001295 - Amazon Linux 2023 must map the authenticated identity to the user or group account for PKI-based authentication.UnixDISA Amazon Linux 2023 STIG v1r3
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Map identity for PKI based authenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Map identity for PKI based authenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
CASA-VN-000390 - The Cisco ASA remote access VPN server must be configured to use a separate authentication server than that used for administrative access.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network.CiscoDISA STIG Cisco ASA VPN v2r2
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
CD12-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD16-00-004200 - PostgreSQL must map the PKI-authenticated identity to an associated user account.UnixDISA Crunchy Data Postgres 16 STIG v1r2 Unix