Capacity
CCI-001991
The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.
3
Rule
Severity: Medium
Configure Smart Card Certificate Authority Validation
1
Rule
Severity: Medium
Configure Smart Card Local Cache of Revocation Data
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
The ALG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The application server, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
2
Rule
Severity: Medium
The application, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The CA API Gateway providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
LDAP integration in Docker Enterprise must be configured.
1
Rule
Severity: Medium
The DNS server implementation, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The DataPower Gateway providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The Windows 2012 DNS Server must implement a local cache of revocation data for PKIauthentication in the event revocation information via the network is not accessible.
1
Rule
Severity: Medium
Nutanix AOS must accept Personal Identity Verification (PIV) credentials to access the management interface.
2
Rule
Severity: Medium
Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.
1
Rule
Severity: High
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
1
Rule
Severity: Medium
Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The UEM server, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
3
Rule
Severity: Medium
The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions.
2
Rule
Severity: Medium
The macOS system must set smart card certificate trust to moderate.
1
Rule
Severity: Medium
The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
2
Rule
Severity: Medium
The Ubuntu operating system for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The container platform, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
The operating system, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
2
Rule
Severity: Medium
AIX must setup SSH daemon to disable revoked public keys.
2
Rule
Severity: Medium
OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
1
Rule
Severity: Medium
Automation Controller must be configured to use an enterprise user management system.
2
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
4
Rule
Severity: Medium
The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
2
Rule
Severity: Medium
RHEL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
1
Rule
Severity: Medium
The VMM, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
4
Rule
Severity: Medium
The vCenter Server must enable revocation checking for certificate-based authentication.
2
Rule
Severity: Medium
The Windows DNS Server must implement a local cache of revocation data for PKI authentication.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP.
1
Rule
Severity: Medium
The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication.
1
Rule
Severity: Medium
The F5 BIG-IP appliance providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1
Rule
Severity: Medium
Docker CLI commands must be run with an MKE client trust bundle and without unnecessary permissions.
1
Rule
Severity: Medium
SLEM 5, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules