CCI|CCI-004909

Title

Include only approved trust anchors in trust stores or certificate stores managed by the organization.

Reference Item Details

Category: 2024

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| ALMA-09-039070 - AlmaLinux OS 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 |
| APPL-15-003001 - The macOS system must issue or obtain public key certificates from an approved service provider. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r2 |
| CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco ASA NDM v2r2 |
| CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS Router NDM v3r2 |
| CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS XE Router NDM v3r2 |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS Switch NDM v3r2 |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco IOS XE Switch NDM v3r2 |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco | DISA STIG Cisco NX-OS Switch NDM v3r2 |
| JUNI-ND-001430 - The Juniper router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Juniper | DISA STIG Juniper Router NDM v3r1 |
| SPLK-CL-000040 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions. | Splunk | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API |
| SPLK-CL-000450 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions. | Splunk | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API |
| TCAT-AS-000700 - DOD root CA certificates must be installed in Tomcat trust store. | Unix | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware |
| UBTU-22-612030 - Ubuntu 22.04 LTS, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | Unix | DISA Canonical Ubuntu 22.04 LTS STIG v2r3 |
| UBTU-24-400360 - Ubuntu 24.04 LTS, for PKI-based authentication, SSSD must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | Unix | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 |
| UBTU-24-400375 - Ubuntu 24.04 LTS, for PKI-based authentication, Privileged Access Management (PAM) must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | Unix | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 |