| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10 Ensure Web Tier ELB have the latest SSL Security Policies configured | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13 Ensure App Tier ELB have the latest SSL Security Policies configured | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Cisco ASA NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000195 - The FortiGate device must use DoD-approved Certificate Authorities (CAs) for public key certificates. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: HTTPS Server requires SSL policy | TNS Huawei VRP Best Practice Audit | Huawei | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted CA certificate on the pool | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted certificate in place of the default self-signed SSL certificate | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000660 - The Juniper EX switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Juniper EX Series Network Device Management v2r1 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Web Interface - Does not use self-signed cert | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. - attribute keyring | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
