| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Map identity for PKI based authentication | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Map identity for PKI based authentication | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI018 - Check for publishers certificate revocation must be enforced. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTBI365 - Checking for server certificate revocation must be enforced. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO265 - Outlook - Warning about invalid signatures must be enforced. | DISA STIG Office 2010 Outlook v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO265 - Warning about invalid signatures must be enforced. | DISA STIG Microsoft Outlook 2013 v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO267 - Outlook - Retrieving of CRL data must be set for online action. | DISA STIG Office 2010 Outlook v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO267 - Retrieving of CRL data must be set for online action. | DISA STIG Microsoft Outlook 2013 v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO268 - Missing Root Certificates warning must be enforced. | DISA STIG Microsoft Outlook 2013 v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO268 - Outlook - Missing Root Certificates warning must be enforced. | DISA STIG Office 2010 Outlook v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'ldapsslkeyf exists' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'Not Applicable' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'useSSL = yes' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'ldapsslkeyf exists' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'Not Applicable' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'useSSL = yes' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-003100 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Map identity for PKI based authentication | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-631010 - RHEL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030530 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030830 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010425 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WG145 IIS6 - The private web server must use an approved DoD certificate validation process. - 'Check W3SVC CertCheckMode' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WINPK-000002 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
