CCI-000186

Implementation Guidance

Determine if authorized access to the corresponding private key is enforced for public key-based authentication.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; procedures addressing authenticator management; system security plan; system design documentation; system configuration settings and associated documentation; PKI certification validation records; PKI certification revocation lists; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with PKI-based, authenticator management responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Mechanisms supporting and/or implementing PKI-based, authenticator management capability].