CCI|CCI-001159

Title

Issue public key certificates under an organization-defined certificate policy or obtain public key certificates from an approved service provider.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco ASA NDM v2r2
CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco IOS Router NDM v3r2
CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco IOS XE Switch NDM v3r2
CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Cisco	DISA STIG Cisco NX-OS Switch NDM v3r2
F5BI-DM-000283 - The BIG-IP appliance must be configured to obtain its public key certificates from an appropriate certificate policy through a DoD-approved service provider.	F5	DISA F5 BIG-IP Device Management STIG v2r4
FGFW-ND-000195 - The FortiGate device must use DoD-approved Certificate Authorities (CAs) for public key certificates.	FortiGate	DISA Fortigate Firewall NDM STIG v1r4
JUEX-NM-000660 - The Juniper EX switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Juniper	DISA Juniper EX Series Network Device Management v2r2
JUNI-ND-001430 - The Juniper router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.	Juniper	DISA STIG Juniper Router NDM v3r2
JUSX-DM-000105 - The Juniper SRX Services Gateway must use DOD-approved PKI rather than proprietary or self-signed device certificates.	Juniper	DISA Juniper SRX Services Gateway NDM v3r2
PANW-NM-000141 - The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates.	Palo_Alto	DISA STIG Palo Alto NDM v3r2
SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.	BlueCoat	DISA Symantec ProxySG Benchmark NDM v1r2
SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. - attribute keyring	BlueCoat	DISA Symantec ProxySG Benchmark NDM v1r2