Item Search

NameAudit NamePluginCategory
CASA-VN-000120 - The Cisco ASA must be configured to validate certificates via a trustpoint that identifies a DoD or DoD-approved certificate authority.DISA STIG Cisco ASA VPN v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation - ipsec-clientDISA STIG Cisco ASA VPN v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation - ssl-clientDISA STIG Cisco ASA VPN v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CD12-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.DISA STIG Crunchy Data PostgreSQL OS v3r1Unix

IDENTIFICATION AND AUTHENTICATION

DTOO265 - Outlook - Warning about invalid signatures must be enforced.DISA STIG Office 2010 Outlook v1r13Windows

IDENTIFICATION AND AUTHENTICATION

DTOO265 - Warning about invalid signatures must be enforced.DISA STIG Microsoft Outlook 2013 v1r13Windows

IDENTIFICATION AND AUTHENTICATION

DTOO267 - Outlook - Retrieving of CRL data must be set for online action.DISA STIG Office 2010 Outlook v1r13Windows

IDENTIFICATION AND AUTHENTICATION

DTOO267 - Retrieving of CRL data must be set for online action.DISA STIG Microsoft Outlook 2013 v1r13Windows

IDENTIFICATION AND AUTHENTICATION

DTOO268 - Missing Root Certificates warning must be enforced.DISA STIG Microsoft Outlook 2013 v1r13Windows

IDENTIFICATION AND AUTHENTICATION

DTOO268 - Outlook - Missing Root Certificates warning must be enforced.DISA STIG Office 2010 Outlook v1r13Windows

IDENTIFICATION AND AUTHENTICATION

EDGE-00-000030 - Online revocation checks must be performed.DISA STIG Edge v2r1Windows

IDENTIFICATION AND AUTHENTICATION

EPAS-00-004500 - The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1Unix

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000232 - The F5 BIG-IP appliance must configure OCSP to ensure revoked user credentials are prohibited from establishing an allowed session.DISA F5 BIG-IP Access Policy Manager STIG v2r3F5

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000233 - The F5 BIG-IP appliance must configure OCSP to ensure revoked machine credentials are prohibited from establishing an allowed session.DISA F5 BIG-IP Access Policy Manager STIG v2r3F5

IDENTIFICATION AND AUTHENTICATION

F5BI-LT-000317 - The F5 BIG-IP appliance must configure OCSP to ensure revoked credentials are prohibited from establishing an allowed session.DISA F5 BIG-IP Local Traffic Manager STIG v2r3F5

IDENTIFICATION AND AUTHENTICATION

FFOX-00-000016 - Firefox must have the DOD root certificates installed.DISA STIG Mozilla Firefox Windows v6r5Windows

IDENTIFICATION AND AUTHENTICATION

FFOX-00-000016 - Firefox must have the DOD root certificates installed.DISA STIG Mozilla Firefox Linux v6r5Unix

IDENTIFICATION AND AUTHENTICATION

FFOX-00-000016 - Firefox must have the DOD root certificates installed.DISA STIG Mozilla Firefox MacOS v6r5Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'ldapsslkeyf exists'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'Not Applicable'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'useSSL = yes'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'useSSL = yes'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN008000 - If using LDAP for auth or account info, certs used must be provided from DoD or an approved external PKI - 'manual cert check'DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

IDENTIFICATION AND AUTHENTICATION

GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'ldapsslkeyf exists'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'Not Applicable'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'useSSL = yes'DISA STIG AIX 5.3 v1r2Unix

IDENTIFICATION AND AUTHENTICATION

GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'useSSL = yes'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN008040 - If using LDAP for auth or account information, the system must check that the LDAP server's certificate has not been revoked.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

IDENTIFICATION AND AUTHENTICATION

JRE8-UX-000100 - Oracle JRE 8 must set the option to enable online certificate validation - deployment.security.validation.ocspDISA STIG Oracle JRE 8 Unix v1r3Unix

IDENTIFICATION AND AUTHENTICATION

JRE8-UX-000100 - Oracle JRE 8 must set the option to enable online certificate validation - deployment.security.validation.ocsp.lockedDISA STIG Oracle JRE 8 Unix v1r3Unix

IDENTIFICATION AND AUTHENTICATION

MADB-10-004000 - MariaDB, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.DISA MariaDB Enterprise 10.x v2r1 DBMySQLDB

IDENTIFICATION AND AUTHENTICATION

Monterey - Issue or Obtain Public Key Certificates from an Approved Service ProviderNIST macOS Monterey v1.0.0 - 800-53r5 ModerateUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Issue or Obtain Public Key Certificates from an Approved Service ProviderNIST macOS Monterey v1.0.0 - 800-53r4 HighUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Issue or Obtain Public Key Certificates from an Approved Service ProviderNIST macOS Monterey v1.0.0 - 800-53r4 ModerateUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Issue or Obtain Public Key Certificates from an Approved Service ProviderNIST macOS Monterey v1.0.0 - 800-53r5 HighUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Issue or Obtain Public Key Certificates from an Approved Service ProviderNIST macOS Monterey v1.0.0 - All ProfilesUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Issue or Obtain Public Key Certificates from an Approved Service ProviderNIST macOS Monterey v1.0.0 - CNSSI 1253Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

MYS8-00-004700 - The MySQL Database Server 8.0, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

IDENTIFICATION AND AUTHENTICATION

RHEL-08-010090 - RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-20-010060 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.DISA STIG Ubuntu 20.04 LTS v2r1Unix

IDENTIFICATION AND AUTHENTICATION

WINPK-000002 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems.DISA Windows Vista STIG v6r41Windows

IDENTIFICATION AND AUTHENTICATION

WN11-PK-000005 - The DoD Root CA certificates must be installed in the Trusted Root Store.DISA Windows 11 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN11-PK-000010 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems.DISA Windows 11 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000280 - Windows Server 2022 domain controllers must have a PKI server certificate.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000290 - Windows Server 2022 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA).DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000300 - Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA).DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION