Catalogs
Reference Schemes
CCI: Control Correlation Identifier
CCI-001991

CCI-001991

The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.

Details
Associations

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

The CA API Gateway providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

LDAP integration in Docker Enterprise must be configured.

1 rule found Severity: Medium

The DataPower Gateway providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

The Windows 2012 DNS Server must implement a local cache of revocation data for PKIauthentication in the event revocation information via the network is not accessible.

1 rule found Severity: Medium

Nutanix AOS must accept Personal Identity Verification (PIV) credentials to access the management interface.

1 rule found Severity: Medium

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

1 rule found Severity: High

Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.

1 rule found Severity: Medium

The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

1 rule found Severity: Medium

The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP.

1 rule found Severity: Medium

The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network.

1 rule found Severity: Medium

The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions.

1 rule found Severity: Medium

The Ubuntu operating system for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

The F5 BIG-IP appliance providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

AIX must setup SSH daemon to disable revoked public keys.

1 rule found Severity: Medium

Docker CLI commands must be run with an MKE client trust bundle and without unnecessary permissions.

1 rule found Severity: Medium

The Windows DNS Server must implement a local cache of revocation data for PKI authentication.

1 rule found Severity: Medium

SLEM 5, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

1 rule found Severity: Medium

The macOS system must set smart card certificate trust to moderate.

1 rule found Severity: Medium

The application, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

Ubuntu 22.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.

1 rule found Severity: Medium

Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication.

1 rule found Severity: Medium

OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

1 rule found Severity: Medium

Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.

1 rule found Severity: Medium

OpenShift must use FIPS validated LDAP or OpenIDConnect.

1 rule found Severity: High

RHEL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

1 rule found Severity: Medium

The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

2 rules found Severity: Medium

The vCenter Server must enable revocation checking for certificate-based authentication.

3 rules found Severity: Medium