CCI|CCI-001991

Title

The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002110 - AIX must setup SSH daemon to disable revoked public keys.	Unix	DISA STIG AIX 7.x v2r9
APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1
F5BI-AP-000231 - The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP.	F5	DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.	F5	DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3
F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.	F5	DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r2
F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.	F5	DISA F5 BIG-IP Local Traffic Manager STIG v2r3
F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.	F5	DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl	Unix	DISA STIG Oracle JRE 8 Unix v1r3
JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl	Unix	DISA STIG Oracle JRE 8 Unix v1r2
JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl.locked	Unix	DISA STIG Oracle JRE 8 Unix v1r2
JRE8-UX-000150 - Oracle JRE 8 must enable the dialog to enable users to check for revocation - deployment.security.validation.crl.locked	Unix	DISA STIG Oracle JRE 8 Unix v1r3
JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.check	Unix	DISA STIG Oracle JRE 8 Unix v1r2
JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.check	Unix	DISA STIG Oracle JRE 8 Unix v1r3
JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.check.locked	Unix	DISA STIG Oracle JRE 8 Unix v1r2
JRE8-UX-000160 - Oracle JRE 8 must lock the option to enable users to check for revocation - deployment.security.revocation.check.locked	Unix	DISA STIG Oracle JRE 8 Unix v1r3
JRE8-WN-000150 - JRE 8 must enable the dialog to check publisher certs for revocation - deployment.security.validation.crl.locked	Windows	DISA STIG Oracle JRE 8 Windows v1r5
JRE8-WN-000150 - JRE 8 must enable the dialog to enable users to check publisher certs for revocation - deployment.security.validation.crl	Windows	DISA STIG Oracle JRE 8 Windows v1r5
JRE8-WN-000150 - Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation - deployment.security.validation.crl	Windows	DISA STIG Oracle JRE 8 Windows v2r1
JRE8-WN-000150 - Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation - deployment.security.validation.crl.locked	Windows	DISA STIG Oracle JRE 8 Windows v2r1
JRE8-WN-000160 - JRE 8 must lock the option to check publisher certs for revocation - eployment.security.revocation.check.locked	Windows	DISA STIG Oracle JRE 8 Windows v1r5
JRE8-WN-000160 - JRE 8 must lock the option to enable users to check publisher certs for revocation - deployment.security.revocation.check	Windows	DISA STIG Oracle JRE 8 Windows v1r5
JRE8-WN-000160 - Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation - deployment.security.revocation.check	Windows	DISA STIG Oracle JRE 8 Windows v2r1
JRE8-WN-000160 - Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation - eployment.security.revocation.check.locked	Windows	DISA STIG Oracle JRE 8 Windows v2r1
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate	Unix	NIST macOS Monterey v1.0.0 - All Profiles
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor - which includes status information to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r7
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor - which includes status information to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r4
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor - which includes status information to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r6
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor - which includes status information to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r8
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r10
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r2
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r9
OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.	Unix	DISA Oracle Linux 8 STIG v1r1

Detections

Analytics

CCI|CCI-001991

Title

Reference Item Details

Audit Items