CCI|CCI-004909

Title

Include only approved trust anchors in trust stores or certificate stores managed by the organization.

Reference Item Details

Category: 2024

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| APPL-15-003001 - The macOS system must issue or obtain public key certificates from an approved service provider. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco ASA NDM v2r2 |
| CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS Router NDM v3r2 |
| CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS XE Router NDM v3r2 |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS Switch NDM v3r2 |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS XE Switch NDM v3r2 |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco NX-OS Switch NDM v3r2 |
| JUNI-ND-001430 - The Juniper router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Juniper | DISA STIG Juniper Router NDM v3r1 |
| SPLK-CL-000040 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions. | Splunk | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API |
| SPLK-CL-000450 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions. | Splunk | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API |
| TCAT-AS-000700 - DOD root CA certificates must be installed in Tomcat trust store. | Unix | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware |
| UBTU-22-612030 - Ubuntu 22.04 LTS, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | Unix | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 |