NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION
IA-5(14) — Managing Content of PKI Trust Stores
For PKI-based authentication, employ an organization-wide methodology for managing the content of PKI trust stores installed across all platforms, including networks, operating systems, browsers, and applications.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
An organization-wide methodology for managing the content of PKI trust stores helps improve the accuracy and currency of PKI-based authentication credentials across the organization.
Practitioner Notes
This enhancement requires managing the content of PKI trust stores — controlling which certificate authorities your systems trust.
Example 1: Use Group Policy to manage the Trusted Root Certificate Authorities store on all domain-joined machines, removing untrusted CAs and adding only your organization's approved CAs.
Example 2: Regularly audit the certificate trust list on your servers and devices, removing any root CAs that are not needed for your business operations to reduce the attack surface.
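One way to run the audit in Example 2 on a Windows host, shown as an added example that is not part of the control text: it compares the Trusted Root store with an approved list and reports the differences without changing the store. The function name `Compare-TrustStore` and the thumbprints are constructed placeholders; substitute your organization's approved CA list.

```powershell
# Added example: report-only audit of a Windows root trust store.
# Compare-TrustStore is a hypothetical helper name, not a built-in cmdlet.
function Compare-TrustStore {
    [CmdletBinding()]
    param(
        # Approved CA certificate thumbprints (hex, as shown in the Cert: drive).
        [Parameter(Mandatory)] [string[]] $ApprovedThumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\Root'
    )

    # Normalise the list so pasted values with spaces or lower case still match.
    $cmp      = [System.StringComparer]::OrdinalIgnoreCase
    $approved = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($t in $ApprovedThumbprint) { [void]$approved.Add(($t -replace '\s', '')) }

    $seen = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $now  = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        [void]$seen.Add($cert.Thumbprint)
        $finding = $null
        if (-not $approved.Contains($cert.Thumbprint)) { $finding = 'NotApproved' }
        elseif ($cert.NotAfter -lt $now)               { $finding = 'ApprovedButExpired' }
        if ($finding) {
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Finding    = $finding
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
            }
        }
    }

    # Approved CAs that this host does not have installed.
    foreach ($t in $approved) {
        if (-not $seen.Contains($t)) {
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Finding = 'ApprovedButMissing'
                               Thumbprint = $t; Subject = $null; NotAfter = $null }
        }
    }
}

# Constructed placeholder thumbprints, not real CA certificates.
$approvedList = @(
    '0000000000000000000000000000000000000001',
    '0000000000000000000000000000000000000002'
)
Compare-TrustStore -ApprovedThumbprint $approvedList | Sort-Object Finding, Subject
```

The operating system's own root certificates are in the same store, so they are reported as `NotApproved` until the approved list accounts for the ones your organization accepts.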