Navigate

CCI-001159

CCI-001159 Definition

Issue public key certificates under an organization-defined certificate policy or obtain public key certificates from an approved service provider.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if public key certificates are issued under [SC-17_ODP; a certificate policy for issuing public key certificates is defined], or public key certificates are obtained from an approved service provider.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing public key infrastructure certificates; public key certificate policy or policies; public key issuing process; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for issuing public key certificates; service providers]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the management of public key infrastructure certificates].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001159.

Control	Description
SC-17	a: Issue public key certificates under an [a certificate policy for issuing public key certificates is defined;] or obtain public key certificates from an approved service provider; and b: Include only approved trust anchors in trust stores or certificate stores managed by the organization.