SRG-OS-000066-GPOS-00034 Controls

STIG IDVersionTitleProduct
UBTU-18-010425V2R15The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
UBTU-20-010060V1R9The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
UBTU-24-400360V1R1Ubuntu 24.04 LTS, for PKI-based authentication, SSSD must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
UBTU-24-400375V1R1Ubuntu 24.04 LTS, for PKI-based authentication, Privileged Access Management (PAM) must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
WN22-DC-000280V2R1Windows Server 2022 domain controllers must have a PKI server certificate.
WN22-DC-000290V2R1Windows Server 2022 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA).
WN22-DC-000300V2R1Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA).
WN22-PK-000010V2R1Windows Server 2022 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store.
WN22-PK-000020V2R1Windows Server 2022 must have the DoD Interoperability Root Certificate Authority (CA) cross-certificates installed in the Untrusted Certificates Store on unclassified systems.
WN22-PK-000030V2R1Windows Server 2022 must have the US DoD CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems.
WN10-PK-000005V2R8The DoD Root CA certificates must be installed in the Trusted Root Store.
WN10-PK-000010V2R8The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems.
WN10-PK-000015V2R8The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems.
WN10-PK-000020V2R8The US DoD CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems.
APPL-15-001060V1R1The macOS system must set smart card certificate trust to moderate.
APPL-14-001060V2R1The macOS system must set smart card certificate trust to moderate.
WN11-PK-000005V2R1The DoD Root CA certificates must be installed in the Trusted Root Store.
WN11-PK-000010V2R1The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems.
WN11-PK-000015V2R1The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems.
UBTU-22-612030V2R1Ubuntu 22.04 LTS, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
RHEL-08-010090V1R9RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
RHEL-09-631010V2R1RHEL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
OL09-00-000900V1R1OL 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
WN16-DC-000280V2R10Domain controllers must have a PKI server certificate.
WN16-DC-000290V2R10Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA).
WN16-DC-000300V2R10PKI certificates associated with user accounts must be issued by the DoD PKI or an approved External Certificate Authority (ECA).
WN16-PK-000010V2R10The DoD Root CA certificates must be installed in the Trusted Root Store.
WN16-PK-000020V2R10The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems.
WN16-PK-000030V2R10The US DoD CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems.
SLES-15-010170V1R9The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
SLES-12-030530V2R13The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
WN19-DC-000280V2R8Windows Server 2019 domain controllers must have a PKI server certificate.
WN19-DC-000290V2R8Windows Server 2019 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA).
WN19-DC-000300V2R8Windows Server 2019 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA).
WN19-PK-000010V2R8Windows Server 2019 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store.
WN19-PK-000020V2R8Windows Server 2019 must have the DoD Interoperability Root Certificate Authority (CA) cross-certificates installed in the Untrusted Certificates Store on unclassified systems.
WN19-PK-000030V2R8Windows Server 2019 must have the US DoD CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems.
OL08-00-010090V1R9OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.