Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Release Notes
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Release Notes
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002470
CCI
CCI|CCI-002470
Title
Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
1.51 APPL-14-001060
Unix
CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.102 UBTU-24-600060
Unix
CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.109 UBTU-22-631010
Unix
CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.116 APPL-14-003001
Unix
CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.182 WN10-PK-000005
Windows
CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.184 WN10-PK-000015
Windows
CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.185 WN10-PK-000020
Windows
CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.205 WN22-PK-000010
Windows
CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.205 WN22-PK-000010
Windows
CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.206 WN22-PK-000020
Windows
CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.206 WN22-PK-000020
Windows
CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.207 WN22-PK-000030
Windows
CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.207 WN22-PK-000030
Windows
CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
AADC-CL-000990 - Adobe Acrobat Pro DC Classic periodic downloading of Adobe European certificates must be disabled.
Windows
DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001320 - Adobe Acrobat Pro DC Classic Periodic downloading of Adobe certificates must be disabled.
Windows
DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000990 - Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.
Windows
DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001320 - Adobe Acrobat Pro DC Continuous Periodic downloading of Adobe certificates must be disabled.
Windows
DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000990 - Adobe Acrobat Pro XI periodic downloading of Adobe European certificates must be disabled.
Windows
DISA Adobe Acrobat Pro XI STIG v1r2
ADBP-XI-001320 - Adobe Acrobat Pro XI Periodic downloading of Adobe certificates must be disabled.
Windows
DISA Adobe Acrobat Pro XI STIG v1r2
AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
Unix
DISA STIG AIX 7.x v3r1
ALMA-09-041270 - AlmaLinux OS 9 must only allow the use of DOD PKI-established certificate authorities for authentication in the establishment of protected sessions to the operating system.
Unix
DISA Cloud Linux AlmaLinux OS 9 STIG v1r5
APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.
Unix
DISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.
Unix
DISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001060 - The macOS system must set smart card certificate trust to moderate.
Unix
DISA Apple macOS 15 Sequoia STIG v1r6
APPL-15-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.
Unix
DISA Apple macOS 15 Sequoia STIG v1r6
APPL-26-001060 - The macOS system must set smart card certificate trust to moderate.
Unix
DISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.
Unix
DISA Apple macOS 26 Tahoe STIG v1r1
ARDC-CL-000330 - Adobe Reader DC must disable periodical uploading of European certificates.
Windows
DISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.
Windows
DISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000330 - Adobe Reader DC must disable periodical uploading of European certificates.
Windows
DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates.
Windows
DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions
Unix
DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r2
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DOD PKI or DoD-approved PKI Certification Authorities (CAs) - CAs.
Unix
DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DOD PKI or DoD-approved PKI Certification Authorities (CAs) - CAs.
Unix
DISA STIG Apache Server 2.4 Unix Site v2r6
AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Windows
DISA STIG Apache Server 2.4 Windows Server v3r3
AS24-W2-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).
Windows
DISA Apache Server 2.4 Windows Site STIG v2r2
AZLX-23-001310 - Amazon Linux 2023, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
Unix
DISA Amazon Linux 2023 STIG v1r2
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to Moderate
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
PostgreSQLDB
DISA STIG Crunchy Data PostgreSQL DB v3r1
DB2X-00-008700 - DB2 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions - CAs
IBM_DB2DB
DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-003920 - Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
