STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SC-17

System and Communications ProtectionRev 5organization

Public Key Infrastructure Certificates

Baselines:ModerateHigh

Control Statement

a. Issue public key certificates under an [Assignment: certificate policy] or obtain public key certificates from an approved service provider; and b. Include only approved trust anchors in trust stores or certificate stores managed by the organization.

Supplemental Guidance

Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the internal operations of systems, such as application-specific time services. In cryptographic systems with a hierarchical structure, a trust anchor is an authoritative source (i.e., a certificate authority) for which trust is assumed and not derived. A root certificate for a PKI system is an example of a trust anchor. A trust store or certificate store maintains a list of trusted root certificates.

Related Controls (3)

AU-10IA-5SC-12

CCI Identifiers (3)

CCI-002456Defines the certificate policy employed to issue public key certificates.CCI-001159Issue public key certificates under an organization-defined certificate policy or obtain public key certificates from an approved service provider.CCI-004909Include only approved trust anchors in trust stores or certificate stores managed by the organization.

Linked STIG Checks (87)

Across 80 STIGs. Click to expand.