800-53|SC-23(5)

Title

ALLOWED CERTIFICATE AUTHORITIES

Description

The information system only allows the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.

Supplemental

Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of Secure Socket Layer (SSL) and/or Transport Layer Security (TLS) certificates. These certificates, after verification by the respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

Reference Item Details

Related: SC-13

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: SESSION AUTHENTICITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.17 IBMW-LS-000500UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT II
1.25 VCSA-80-000195VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.51 APPL-14-001060UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.70 AZLX-23-001310UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.71 MADB-10-008500UnixCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT II Unix
1.102 UBTU-24-600060UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.109 UBTU-22-631010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.116 APPL-14-003001UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.182 WN10-PK-000005WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.184 WN10-PK-000015WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.185 WN10-PK-000020WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.203 WN16-PK-000010WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.203 WN16-PK-000010WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.205 WN16-PK-000030WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.205 WN16-PK-000030WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.205 WN19-PK-000010WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.205 WN19-PK-000010WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.205 WN22-PK-000010WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.205 WN22-PK-000010WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.206 WN19-PK-000020WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.206 WN19-PK-000020WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.206 WN22-PK-000020WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.206 WN22-PK-000020WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.207 WN19-PK-000030WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.207 WN19-PK-000030WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.207 WN22-PK-000030WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.207 WN22-PK-000030WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.448 OL09-00-900140UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
2.18 (L2) Ensure 'Require online OCSP/CRL checks for local trust anchors' is set to 'Enabled'WindowsCIS Google Chrome L2 v3.0.0
2.70 (L2) Ensure 'Require online OCSP/CRL checks for local trust anchors' is set to 'Enabled'WindowsCIS Google Chrome Group Policy v1.0.0 L2
5.3 Set 'Prevent ignoring certificate errors' to 'Enabled'WindowsCIS IE 9 v1.0.0
5.5 Set 'Prevent ignoring certificate errors' to 'Enabled'WindowsCIS IE 11 v1.0.0
5.5 Set 'Prevent ignoring certificate errors' to 'Enabled'WindowsCIS IE 10 v1.1.0
5.08 OAS - 'Oracle Wallet Trusted Certificates - Remove certificate authorities (CAs) that are not required.'UnixCIS v1.1.0 Oracle 11g OS L2
AADC-CL-000990 - Adobe Acrobat Pro DC Classic periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001320 - Adobe Acrobat Pro DC Classic Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000990 - Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001320 - Adobe Acrobat Pro DC Continuous Periodic downloading of Adobe certificates must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.UnixDISA IBM AIX 7.x STIG v3r2
ALMA-09-041270 - AlmaLinux OS 9 must only allow the use of DOD PKI-established certificate authorities for authentication in the establishment of protected sessions to the operating system.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 15 Sequoia STIG v1r7
APPL-15-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.UnixDISA Apple macOS 15 Sequoia STIG v1r7
APPL-26-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 26 Tahoe STIG v1r2
APPL-26-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.UnixDISA Apple macOS 26 Tahoe STIG v1r2
ARDC-CL-000330 - Adobe Reader DC must disable periodical uploading of European certificates.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000330 - Adobe Reader DC must disable periodical uploading of European certificates.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1