CCI|CCI-002470

Title

The information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AADC-CL-000990 - Adobe Acrobat Pro DC Classic periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001320 - Adobe Acrobat Pro DC Classic Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000990 - Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001320 - Adobe Acrobat Pro DC Continuous Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000990 - Adobe Acrobat Pro XI periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001320 - Adobe Acrobat Pro XI Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - Certificate IssuerUnixDISA STIG AIX 7.x v2r6
AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - ldapsslkeyfUnixDISA STIG AIX 7.x v2r6
AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - useSSLUnixDISA STIG AIX 7.x v2r6
ARDC-CL-000330 - Adobe Reader DC must disable periodical uploading of European certificates.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000330 - Adobe Reader DC must disable periodical uploading of European certificates.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).UnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).UnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-003920 - Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-003930 - Docker Trusted Registry (DTR) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DTBI1075-IE11 - Prevent ignoring certificate errors option must be enabled.WindowsDISA STIG IE 11 v2r2
EP11-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
ESXI-06-300040 - The VMM must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000040 - The ESXi host must use multifactor authentication for local DCUI access to privileged accounts.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r2
F5BI-LT-000213 - The BIG-IP Core implementation must be configured to only allow the use of DoD-approved PKI-established certificate authorities for verification of the establishment of protected sessions.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
IIST-SI-000220 - A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity.WindowsDISA IIS 10.0 Site v2r5
IIST-SI-000241 - The IIS 10.0 website must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).WindowsDISA IIS 10.0 Site v2r5
IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity.WindowsDISA IIS 8.5 Site v2r5
IISW-SI-000241 - The IIS 8.5 private website have a server certificate issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).WindowsDISA IIS 8.5 Site v2r5
JBOS-AS-000625 - JBoss must be configured to use DoD PKI-established certificate authorities for verification of the establishment of protected sessions.UnixDISA RedHat JBoss EAP 6.3 STIG v2r3
MD3X-00-000730 - MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-005800 - MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
MYS8-00-011900 - The MySQL Database Server 8.0 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.UnixDISA Oracle MySQL 8.0 v1r2 OS Linux
OH12-1X-000298 - OHS must have the LoadModule ossl_module directive enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1
OH12-1X-000299 - OHS must have the SSLFIPS directive enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1