| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10 Ensure Web Tier ELB have the latest SSL Security Policies configured | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13 Ensure App Tier ELB have the latest SSL Security Policies configured | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure a Valid Trusted Certificate Is Installed | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider - enrollment | DISA STIG Cisco IOS XE Switch NDM v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000030 - Exchange Servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Client Access Server STIG v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000030 - Exchange Servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Client Access Server STIG v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000010 - Exchange servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000010 - Exchange Servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Mailbox Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000083 - The BIG-IP Core implementation must be configured to validate certificates used for TLS functions for connections to virtual servers by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'client Key Label' | DISA STIG AIX 6.1 v1r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008000 - Certificates used to authenticate to the LDAP server must be provided from DoD-approved external PKI - 'ldapsslkeyf exists' | DISA STIG AIX 6.1 v1r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'client Key Label' | DISA STIG AIX 6.1 v1r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'ldapsslkeyf exists' | DISA STIG AIX 6.1 v1r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: HTTPS Server requires SSL policy | TNS Huawei VRP Best Practice Audit | Huawei | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted CA certificate on the pool | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted certificate in place of the default self-signed SSL certificate | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000770 - MongoDB must maintain the confidentiality and integrity of information during reception - PEMKeyFile | DISA STIG MongoDB Enterprise Advanced 3.x v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000770 - MongoDB must maintain the confidentiality and integrity of information during reception. - PEMKeyFile | DISA STIG MongoDB Enterprise Advanced 3.x v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Web Interface - Does not use self-signed cert | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG145 IIS7 - The private web server must use an approved DoD certificate validation process. | DISA IIS 7.0 Web Server v1r19 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
