Detections
Analytics

800-53|IA-5(2)(a)

Title

PKI-BASED AUTHENTICATION

Description

Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information;

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.6 Set OCSP Response PolicyWindowsCIS Mozilla Firefox 38 ESR Windows L2 v1.0.0
4.6 Set OCSP Response PolicyUnixCIS Mozilla Firefox 38 ESR Linux L2 v1.0.0
5.2 Set 'Check for server certificate revocation' to 'Enabled'WindowsCIS IE 10 v1.1.0
5.6 Enable OCSP and CRL certificate checking - CRLStyleUnixCIS Apple OSX 10.11 El Capitan L2 v1.1.0
5.6 Enable OCSP and CRL certificate checking - CRLStyleUnixCIS Apple OSX 10.10 Yosemite L2 v1.2.0
5.6 Enable OCSP and CRL certificate checking - OCSPStyleUnixCIS Apple OSX 10.10 Yosemite L2 v1.2.0
5.6 Enable OCSP and CRL certificate checking - OCSPStyleUnixCIS Apple OSX 10.11 El Capitan L2 v1.1.0
5.25 sqlnet.ora - 'ssl_cert_revocation = REQUIRED'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 2
AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 12 v1r9
APPNET0048 - Developer certificates used with the .NET Publisher Membership Condition must be approved by the ISSO.WindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r4
AS24-W1-000380 - The Apache web server must perform RFC 5280-compliant certification path validation.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000380 - The Apache web server must perform RFC 5280-compliant certification path validation.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - All Profiles
CASA-VN-000120 - The Cisco ASA must be configured to validate certificates via a trustpoint that identifies a DoD or DoD-approved certificate authority.CiscoDISA STIG Cisco ASA VPN v2r2
Catalina - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Check for server certificate revocationWindowsMSCT Windows 10 1909 v1.0.0
Check for server certificate revocationWindowsMSCT Windows 10 v20H2 v1.0.0
Check for server certificate revocationWindowsMSCT Windows 10 v22H2 v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server 1903 MS v1.19.9
Check for server certificate revocationWindowsMSCT Windows 11 v24H2 v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server 2022 v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server v20H2 MS v1.0.0
Check for server certificate revocationWindowsMSCT Windows 10 1809 v1.0.0
Check for server certificate revocationWindowsMSCT Windows 10 v21H1 v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server 1903 DC v1.19.9
Check for server certificate revocationWindowsMSCT Windows Server v1909 MS v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server v2004 MS v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server 2019 MS v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server v1909 DC v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server v2004 DC v1.0.0
Check for server certificate revocationWindowsMSCT Windows Server 2016 MS v1.0.0
Check for server certificate revocationWindowsMSCT Windows 10 v2004 v1.0.0
Check for server certificate revocationWindowsMSCT Windows 10 1903 v1.19.9
Check for server certificate revocationWindowsMSCT Windows 11 v22H2 v1.0.0