Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002470
CCI
CCI|CCI-002470
Title
Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
Unix
DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.
Unix
DISA STIG Apple macOS 11 v1r8
APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.
Unix
DISA STIG Apple macOS 12 v1r9
APPL-14-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.
Unix
DISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.
Unix
DISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Windows
DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
EP11-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Windows
EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
MADB-10-008500 - MariaDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
MySQLDB
DISA MariaDB Enterprise 10.x v2r2 DB
MADB-10-008500 - MariaDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
DISA MariaDB Enterprise 10.x v2r2 OS Linux
MD3X-00-000730 - MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-005800 - MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD7X-00-008400 MongoDB must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
DISA MongoDB Enterprise Advanced 7.x STIG v1r1
Monterey - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-011900 - The MySQL Database Server 8.0 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
DISA Oracle MySQL 8.0 v2r2 OS Linux
OH12-1X-000299 - OHS must have the SSLFIPS directive enabled so SSL requests can be processed with client certificates only issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
PPS9-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
Unix
EDB PostgreSQL Advanced Server OS Linux Audit v2r3
SPLK-CL-000040 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions.
Splunk
DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
SPLK-CL-000450 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions.
Splunk
DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API
UBTU-18-010436 - The Ubuntu operating system must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
Unix
DISA STIG Ubuntu 18.04 LTS v2r15
WINPK-000001 - The DoD Root CA certificates must be installed in the Trusted Root Store.
Windows
DISA Windows Vista STIG v6r41
WN12-PK-000001 - The DoD Root CA certificates must be installed in the Trusted Root Store
Windows
DISA Windows Server 2012 and 2012 R2 DC STIG v3r7
WN12-PK-000001 - The DoD Root CA certificates must be installed in the Trusted Root Store
Windows
DISA Windows Server 2012 and 2012 R2 MS STIG v3r7
