STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

CCI-001159

Definition

Issue public key certificates under an organization-defined certificate policy or obtain public key certificates from an approved service provider.

Parent Control

SC-17: Public Key Infrastructure Certificates (System and Communications Protection)

Linked STIG Checks (45)

Check ID | Severity | Requirement | STIG
V-255620 | CAT II | The A10 Networks ADC must use DoD-approved PKI rather than proprietary or self-signed device certificates. | A10 Networks ADC NDM Security Technical Implementation Guide
V-255965 | CAT II | The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Arista MLS EOS 4.2x NDM Security Technical Implementation Guide
V-255965 | CAT II | The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Arista MLS EOS 4.X NDM Security Technical Implementation Guide
V-38748 | CAT I | Only DoD PKI issued or DoD approved software authentication certificates may be installed on BlackBerry PlayBook OS. | BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide
V-38749 | CAT II | Only DoD PKI issued or DoD approved server authentication certificates may be installed on BlackBerry PlayBook OS. | BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide
V-271922 | CAT II | The Cisco ACI must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco ACI NDM Security Technical Implementation Guide
V-239942 | CAT II | The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco ASA NDM Security Technical Implementation Guide
V-215711 | CAT II | The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco IOS Router NDM Security Technical Implementation Guide
V-220619 | CAT II | The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco IOS Switch NDM Security Technical Implementation Guide
V-215856 | CAT II | The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco IOS XE Router NDM Security Technical Implementation Guide
V-220567 | CAT II | The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco IOS XE Switch NDM Security Technical Implementation Guide
V-216546 | CAT II | The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco IOS XR Router NDM Security Technical Implementation Guide
V-242639 | CAT II | The Cisco ISE must use DoD-approved PKI rather than proprietary or self-signed device certificates. | Cisco ISE NDM Security Technical Implementation Guide
V-220515 | CAT II | The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Cisco NX OS Switch NDM Security Technical Implementation Guide
V-255585 | CAT II | The DBN-6300 must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DBN-6300 NDM Security Technical Implementation Guide
V-269802 | CAT II | The Dell OS10 Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Dell OS10 Switch NDM Security Technical Implementation Guide
V-217423 | CAT II | The BIG-IP appliance must be configured to obtain its public key certificates from an appropriate certificate policy through a DoD-approved service provider. | F5 BIG-IP Device Management Security Technical Implementation Guide
V-266083 | CAT II | The F5 BIG-IP appliance must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
V-255635 | CAT II | CounterACT must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | ForeScout CounterACT NDM Security Technical Implementation Guide
V-255636 | CAT II | CounterACT must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | ForeScout CounterACT NDM Security Technical Implementation Guide
V-230958 | CAT II | Forescout must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Forescout Network Device Management Security Technical Implementation Guide
V-234198 | CAT II | The FortiGate device must use DoD-approved Certificate Authorities (CAs) for public key certificates. | Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
V-217482 | CAT II | The HP FlexFabric Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | HP FlexFabric Switch NDM Security Technical Implementation Guide
V-266973 | CAT II | AOS must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
V-252198 | CAT II | The HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | HPE Nimble Storage Array NDM Security Technical Implementation Guide
V-268258 | CAT II | The HYCU virtual appliance must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | HYCU Protege Security Technical Implementation Guide
V-65187 | CAT II | The DataPower Gateway must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | IBM DataPower Network Device Management Security Technical Implementation Guide
V-255773 | CAT II | The MQ Appliance network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
V-258611 | CAT II | The ICS must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Ivanti Connect Secure NDM Security Technical Implementation Guide
V-251005 | CAT II | Sentry must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Ivanti Sentry 9.x NDM Security Technical Implementation Guide
V-253943 | CAT II | The Juniper EX switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
V-217352 | CAT II | The Juniper router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Juniper Router NDM Security Technical Implementation Guide
V-223207 | CAT II | The Juniper SRX Services Gateway must use DOD-approved PKI rather than proprietary or self-signed device certificates. | Juniper SRX Services Gateway NDM Security Technical Implementation Guide
V-237434 | CAT III | If a certificate is used for the SCOM web console, this certificate must be generated by a DoD CA or CA approved by the organization. | Microsoft SCOM Security Technical Implementation Guide
V-246945 | CAT II | ONTAP must use DoD-approved PKI rather than proprietary or self-signed device certificates. | NetApp ONTAP DSC 9.x Security Technical Implementation Guide
V-202139 | CAT II | The network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Network Device Management Security Requirements Guide
V-228674 | CAT II | The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates. | Palo Alto Networks NDM Security Technical Implementation Guide
V-273838 | CAT II | The RUCKUS ICX device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | RUCKUS ICX NDM Security Technical Implementation Guide
V-256094 | CAT II | The Riverbed NetProfiler must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Riverbed NetProfiler Security Technical Implementation Guide
V-92307 | CAT II | The SEL-2740S must be adopted by OTSDN Controller(s) and obtain its public key certificates from an appropriate certificate policy through an approved service provider. | SEL-2740S NDM Security Technical Implementation Guide
V-279273 | CAT II | The Edge SWG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Symantec Edge SWG NDM Security Technical Implementation Guide
V-94691 | CAT II | Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Symantec ProxySG NDM Security Technical Implementation Guide
V-242257 | CAT II | The TippingPoint SMS must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | Trend Micro TippingPoint NDM Security Technical Implementation Guide
V-69219 | CAT II | The NSX vCenter must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | VMware NSX Manager Security Technical Implementation Guide
V-251792 | CAT II | The NSX-T Manager must obtain its public key certificates from an approved DoD certificate authority. | VMware NSX-T Manager NDM Security Technical Implementation Guide