CCI-004068
For public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
The Ubuntu operating system for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The Cisco ASA must be configured to not accept certificates that have been revoked when using PKI for authentication.
1 rule found Severity: High
The Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.
1 rule found Severity: Medium
The DNS server implementation, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The DNS server implementation must, for public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
1 rule found Severity: Medium
The HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
1 rule found Severity: Medium
The ICS must be configured to use DOD approved OCSP responders or CRLs to validate certificates used for PKI-based authentication.
1 rule found Severity: High
The Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1 rule found Severity: High
Docker CLI commands must be run with an MKE client trust bundle and without unnecessary permissions.
1 rule found Severity: Medium
1 rule found Severity: Medium
The network device must be configured to implement a local cache of revocation data to support path discovery and validation for public key-based authentication.
1 rule found Severity: Medium
The Riverbed NetProfiler must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
1 rule found Severity: Medium
1 rule found Severity: Medium
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
1 rule found Severity: High
TOSS, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
1 rule found Severity: Medium
The web server must, for public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
1 rule found Severity: Medium
For PKI-based authentication, NixOS must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
For public key-based authentication, AAA Services must be configured to implement a local cache of revocation data to support path discovery and validation.
1 rule found Severity: Medium
The application server, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The ALG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The application, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
Ubuntu 22.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The Central Log Server must for public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
1 rule found Severity: Medium
AlmaLinux OS 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
1 rule found Severity: Medium
The container platform, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The DBMS must, for public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
1 rule found Severity: Medium
Forescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
1 rule found Severity: Medium
The operating system, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
AOS, when used as a VPN Gateway, must not accept certificates that have been revoked when using PKI for authentication.
1 rule found Severity: High
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.
1 rule found Severity: Medium
The Juniper SRX Services Gateway must use DOD-approved PKI rather than proprietary or self-signed device certificates.
1 rule found Severity: Medium
The Mainframe Product must for public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
1 rule found Severity: Medium
OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
1 rule found Severity: Medium
Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.
1 rule found Severity: Medium
The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials.
1 rule found Severity: Medium
RHEL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
1 rule found Severity: Medium
The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
2 rules found Severity: Medium
The UEM server, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The VMM, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The VPN Gateway must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.
1 rule found Severity: Medium
The VPN Gateway must configure OCSP to ensure revoked user certificates are prohibited from establishing an allowed session.
1 rule found Severity: Medium
The VPN Gateway must configure OCSP to ensure revoked machine certificates are prohibited from establishing an allowed session.
1 rule found Severity: Medium