NIST 800-53 Rev 5
424 controls available
SC-17moderatehigh
Public Key Infrastructure Certificates
System and Communications Protection
Control Statement
Issue public key certificates under an {{ insert: param, sc-17_odp }} or obtain public key certificates from an approved service provider; and Include only approved trust anchors in trust stores or certificate stores managed by the organization.
Discussion
Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the internal operations of systems, such as application-specific time services. In cryptographic systems with a hierarchical structure, a trust anchor is an authoritative source (i.e., a certificate authority) for which trust is assumed and not derived. A root certificate for a PKI system is an example of a trust anchor. A trust store or certificate store maintains a list of trusted root certificates.
- Framework
- NIST SP 800-53 Rev 5
- Family
- System and Communications Protection
- Baselines
- moderate, high
Related Frameworks
3 paths across 1 framework
Related Frameworks
CCI3 mappings
CCI-001159
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002456
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004909
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
49 STIGs reach this control through 3 CCIs. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Server
4 STIGs
Operating System — Server
4 STIGsGeneral Purpose Operating System Security Requirements Guide
32024-12-041 of 198 findings match
M1
General Purpose Operating System Security Requirements Guide
V3R32025-09-221 of 203 findings match
M1
NetApp ONTAP DSC 9.x Security Technical Implementation Guide
22024-08-221 of 29 findings match
M1
NetApp ONTAP DSC 9.x Security Technical Implementation Guide
V2R32025-12-081 of 29 findings match
M1
Operating System — Mainframe
2 STIGs
Operating System — Mainframe
2 STIGsMainframe Product Security Requirements Guide
32024-12-051 of 193 findings match
M1
Mainframe Product Security Requirements Guide
V3R42025-09-101 of 194 findings match
M1
Network Device
26 STIGs
Network Device
26 STIGsAAA Services Security Requirements Guide
V2R22024-12-041 of 77 findings match
M1
Application Layer Gateway Security Requirements Guide
22024-12-041 of 155 findings match
M1
Application Layer Gateway Security Requirements Guide
V2R32025-09-151 of 160 findings match
M1
Arista MLS EOS 4.X NDM Security Technical Implementation Guide
V2R22025-02-201 of 21 findings match
M1
Cisco ACI NDM Security Technical Implementation Guide
12025-06-131 of 26 findings match
M1
Cisco ACI NDM Security Technical Implementation Guide
V1R22025-12-111 of 26 findings match
M1
Cisco ASA NDM Security Technical Implementation Guide
22025-05-191 of 47 findings match
M1
Cisco ASA NDM Security Technical Implementation Guide
V2R42025-12-081 of 47 findings match
M1
Show 18 more STIGs in this category →Hide additional STIGs
Cisco IOS Router NDM Security Technical Implementation Guide
32025-05-191 of 43 findings match
M1
Cisco IOS Router NDM Security Technical Implementation Guide
V3R72026-02-251 of 43 findings match
M1
Cisco IOS Switch NDM Security Technical Implementation Guide
32025-05-191 of 43 findings match
M1
Cisco IOS Switch NDM Security Technical Implementation Guide
V3R72026-02-251 of 43 findings match
M1
Cisco IOS XE Router NDM Security Technical Implementation Guide
32025-05-161 of 42 findings match
M1
Cisco IOS XE Router NDM Security Technical Implementation Guide
V3R72026-02-111 of 42 findings match
M1
Cisco IOS XE Switch NDM Security Technical Implementation Guide
32025-05-191 of 42 findings match
M1
Cisco IOS XE Switch NDM Security Technical Implementation Guide
V3R62026-03-041 of 42 findings match
M1
Cisco NX OS Switch NDM Security Technical Implementation Guide
32025-05-191 of 42 findings match
M1
Cisco NX OS Switch NDM Security Technical Implementation Guide
V3R22024-09-101 of 42 findings match
M1
Domain Name System (DNS) Security Requirements Guide
42024-07-021 of 118 findings match
M1
Domain Name System (DNS) Security Requirements Guide
V4R22025-12-191 of 119 findings match
M1
HP FlexFabric Switch NDM Security Technical Implementation Guide
V1R42025-06-121 of 79 findings match
M1
HPE Alletra Storage ArcusOS Web Server Security Technical Implementation Guide
V1R12026-03-031 of 6 findings match
M1
Juniper Router NDM Security Technical Implementation Guide
V3R22024-12-051 of 49 findings match
M1
Network Device Management Security Requirements Guide
V5R32025-02-111 of 104 findings match
M1
Network Device Management Security Requirements Guide
V5R42025-09-101 of 105 findings match
M1
RUCKUS ICX NDM Security Technical Implementation Guide
V1R12025-05-281 of 25 findings match
M1
Database
5 STIGs
Database
5 STIGsDatabase Security Requirements Guide
42024-12-041 of 142 findings match
M1
Database Security Requirements Guide
V4R52026-02-261 of 142 findings match
M1
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V1R12026-02-201 of 55 findings match
M1
Oracle Database 19c Security Technical Implementation Guide
12025-06-241 of 96 findings match
M1
Oracle Database 19c Security Technical Implementation Guide
V1R52026-02-251 of 96 findings match
M1
Web / Application Server
5 STIGs
Web / Application Server
5 STIGsAdobe ColdFusion Security Technical Implementation Guide
V1R12025-12-191 of 84 findings match
M1
Application Server Security Requirements Guide
42025-02-111 of 128 findings match
M1
Application Server Security Requirements Guide
V4R42025-09-101 of 137 findings match
M1
Web Server Security Requirements Guide
42025-02-121 of 124 findings match
M1
Web Server Security Requirements Guide
V4R42025-09-101 of 126 findings match
M1
Virtualization / Container
5 STIGs
Virtualization / Container
5 STIGsContainer Platform Security Requirements Guide
22025-05-151 of 187 findings match
M1
Container Platform Security Requirements Guide
V2R42025-09-101 of 188 findings match
M1
Virtual Machine Manager Security Requirements Guide
22024-12-061 of 193 findings match
M1
Virtual Machine Manager Security Requirements Guide
V2R32025-09-101 of 198 findings match
M1
VMware NSX-T Manager NDM Security Technical Implementation Guide
V1R32023-06-221 of 23 findings match
M1
Endpoint Security Management
2 STIGs
Endpoint Security Management
2 STIGsCentral Log Server Security Requirements Guide
32024-12-041 of 125 findings match
M1
Central Log Server Security Requirements Guide
V3R42026-02-121 of 127 findings match
M1