id: os_map_pki_identity
title: "Map identity for PKI based authentication"
discussion: |
  Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
check: |
  For directory bound systems, the technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
fix: |
  For directory bound systems, the technology inherently meets this requirement. No fix is required.
references:
  cce:
    - CCE-84873-9
  cci:
    - CCI-000187
  800-53r4:
    - IA-5(2)(c)
  disa_stig:
    - AOSX-15-100003
  srg:
    - SRG-OS-000068-GPOS-00036
macOS:
  - "10.15"
tags:
  - cnssi-1253
  - fisma-moderate
  - fisma-high
  - STIG
  - inherent
mobileconfig: false
mobileconfig_info: