SRG-OS-000066-GPOS-00034 Controls

| STIG ID | Version | Title | Product |
| --- | --- | --- | --- |
| APPL-14-001060 | V2R3 | The macOS system must set smart card certificate trust to moderate. | |
| APPL-15-001060 | V1R3 | The macOS system must set smart card certificate trust to moderate. | |
| OL08-00-010090 | V2R4 | OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| OL09-00-000900 | V1R1 | OL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| RHEL-08-010090 | V2R3 | RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| RHEL-09-631010 | V2R4 | RHEL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| SLES-12-030530 | V3R2 | The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| SLES-15-010170 | V2R4 | The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| UBTU-18-010425 | V2R15 | The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| UBTU-20-010060 | V2R1 | The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| UBTU-22-612030 | V2R4 | Ubuntu 22.04 LTS, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| UBTU-24-400360 | V1R1 | Ubuntu 24.04 LTS, for PKI-based authentication, SSSD must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| UBTU-24-400375 | V1R1 | Ubuntu 24.04 LTS, for PKI-based authentication, Privileged Access Management (PAM) must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | |
| WN10-PK-000005 | V3R4 | The DoD Root CA certificates must be installed in the Trusted Root Store. | |
| WN10-PK-000010 | V3R4 | The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | |
| WN10-PK-000015 | V3R4 | The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems. | |
| WN10-PK-000020 | V3R4 | The US DOD CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems. | |
| WN11-PK-000005 | V2R3 | The DoD Root CA certificates must be installed in the Trusted Root Store. | |
| WN11-PK-000010 | V2R3 | The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | |
| WN11-PK-000015 | V2R3 | The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems. | |
| WN16-DC-000280 | V2R9 | Domain controllers must have a PKI server certificate. | |
| WN16-DC-000290 | V2R9 | Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | |
| WN16-DC-000300 | V2R9 | PKI certificates associated with user accounts must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | |
| WN16-PK-000010 | V2R9 | The DoD Root CA certificates must be installed in the Trusted Root Store. | |
| WN16-PK-000020 | V2R9 | The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems. | |
| WN16-PK-000030 | V2R9 | The US DoD CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems. | |
| WN19-DC-000280 | V3R4 | Windows Server 2019 domain controllers must have a PKI server certificate. | |
| WN19-DC-000290 | V3R4 | Windows Server 2019 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | |
| WN19-DC-000300 | V3R4 | Windows Server 2019 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA). | |
| WN19-PK-000010 | V3R4 | Windows Server 2019 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store. | |
| WN19-PK-000020 | V3R4 | Windows Server 2019 must have the DoD Interoperability Root Certificate Authority (CA) cross-certificates installed in the Untrusted Certificates Store on unclassified systems. | |
| WN19-PK-000030 | V3R4 | Windows Server 2019 must have the US DoD CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems. | |
| WN22-DC-000280 | V2R4 | Windows Server 2022 domain controllers must have a PKI server certificate. | |
| WN22-DC-000290 | V2R4 | Windows Server 2022 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | |
| WN22-DC-000300 | V2R4 | Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA). | |
| WN22-PK-000010 | V2R4 | Windows Server 2022 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store. | |
| WN22-PK-000020 | V2R4 | Windows Server 2022 must have the DoD Interoperability Root Certificate Authority (CA) cross-certificates installed in the Untrusted Certificates Store on unclassified systems. | |
| WN22-PK-000030 | V2R4 | Windows Server 2022 must have the US DOD CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems. | |