CCI|CCI-001991

Title

The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v3r1
AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.	Unix	DISA STIG Apple macOS 12 v1r9
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.	F5	DISA F5 BIG-IP Local Traffic Manager STIG v2r3
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - All Profiles
SYMP-AG-000420 - Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3
UBTU-20-010066 - The Ubuntu operating system for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.	Unix	DISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-612035 - Ubuntu 22.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.	Unix	DISA STIG Canonical Ubuntu 22.04 LTS v2r2
WDNS-IA-000011 - The Windows 2012 DNS Server must implement a local cache of revocation data for PKIauthentication in the event revocation information via the network is not accessible.	Windows	DISA Microsoft Windows 2012 Server DNS STIG v2r7

Detections

Analytics

CCI|CCI-001991

Title

Reference Item Details

Audit Items