800-53|SC-17

Title

PUBLIC KEY INFRASTRUCTURE CERTIFICATES

Description

The organization issues public key certificates under an [Assignment: organization-defined certificate policy] or obtains public key certificates from an approved service provider.

Supplemental

For all certificates, organizations manage information system trust stores to ensure only approved trust anchors are in the trust stores. This control addresses both certificates with visibility external to organizational information systems and certificates related to the internal operations of systems, for example, application-specific time services.

Reference Item Details

Related: SC-12

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to High | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Set Smartcard Certificate Trust to High | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to High | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco ASA NDM v2r2
Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Set Smartcard Certificate Trust to High | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to High | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Set Smartcard Certificate Trust to High | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS XE Switch NDM v3r2
CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco NX-OS Switch NDM v3r2
F5BI-DM-000283 - The BIG-IP appliance must be configured to obtain its public key certificates from an appropriate certificate policy through a DoD-approved service provider. | F5 | DISA F5 BIG-IP Device Management STIG v2r3
Huawei: HTTPS Server requires SSL policy | Huawei | TNS Huawei VRP Best Practice Audit
Install a trusted certificate in place of the default self-signed SSL certificate | Unix | TNS Citrix Hypervisor
Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Set Smartcard Certificate Trust to High | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Set Smartcard Certificate Trust to High | Unix | NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Set Smartcard Certificate Trust to High | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Monterey v1.0.0 - All Profiles
PANW-NM-000141 - The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates. | Palo_Alto | DISA STIG Palo Alto NDM v3r2
SonicWALL - Web Interface - Does not use self-signed cert | SonicWALL | TNS SonicWALL v5.9