Detections
Analytics

800-53|SC-23(5)

Title

ALLOWED CERTIFICATE AUTHORITIES

Description

The information system only allows the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.

Supplemental

Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of Secure Socket Layer (SSL) and/or Transport Layer Security (TLS) certificates. These certificates, after verification by the respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

Reference Item Details

Related: SC-13

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: SESSION AUTHENTICITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.51 APPL-14-001060UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.102 UBTU-24-600060UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.109 UBTU-22-631010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.116 APPL-14-003001UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.172 WN16-DC-000280WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.173 WN16-DC-000290WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I
1.173 WN19-DC-000280WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.173 WN22-DC-000280WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.174 WN16-DC-000300WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I
1.174 WN19-DC-000290WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I
1.174 WN22-DC-000290WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I
1.175 WN19-DC-000300WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I
1.175 WN22-DC-000300WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I
1.182 WN10-PK-000005WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.183 WN10-PK-000010WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.184 WN10-PK-000015WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.185 WN10-PK-000020WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.203 WN16-PK-000010WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.203 WN16-PK-000010WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.204 WN16-PK-000020WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.204 WN16-PK-000020WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.205 WN16-PK-000030WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.205 WN16-PK-000030WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.205 WN19-PK-000010WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.205 WN19-PK-000010WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.205 WN22-PK-000010WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.205 WN22-PK-000010WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.206 WN19-PK-000020WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.206 WN19-PK-000020WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.206 WN22-PK-000020WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.206 WN22-PK-000020WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.207 WN19-PK-000030WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.207 WN19-PK-000030WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.207 WN22-PK-000030WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.207 WN22-PK-000030WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
2.18 (L2) Ensure 'Require online OCSP/CRL checks for local trust anchors' is set to 'Enabled'WindowsCIS Google Chrome L2 v3.0.0
2.70 (L2) Ensure 'Require online OCSP/CRL checks for local trust anchors' is set to 'Enabled'WindowsCIS Google Chrome Group Policy v1.0.0 L2
5.3 Set 'Prevent ignoring certificate errors' to 'Enabled'WindowsCIS IE 9 v1.0.0
5.5 Set 'Prevent ignoring certificate errors' to 'Enabled'WindowsCIS IE 11 v1.0.0
5.5 Set 'Prevent ignoring certificate errors' to 'Enabled'WindowsCIS IE 10 v1.1.0
5.08 OAS - 'Oracle Wallet Trusted Certificates - Remove certificate authorities (CAs) that are not required.'UnixCIS v1.1.0 Oracle 11g OS L2
AADC-CL-000990 - Adobe Acrobat Pro DC Classic periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001320 - Adobe Acrobat Pro DC Classic Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000990 - Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001320 - Adobe Acrobat Pro DC Continuous Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000990 - Adobe Acrobat Pro XI periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001320 - Adobe Acrobat Pro XI Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.UnixDISA STIG AIX 7.x v3r1
ALMA-09-041270 - AlmaLinux OS 9 must only allow the use of DOD PKI-established certificate authorities for authentication in the establishment of protected sessions to the operating system.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 14 Sonoma STIG v2r4