CCI-001967

The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Implementation Guidance

The organization being inspected/assessed configures the information system to use cryptographically based bidirectional authentication. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1967.

Validation Procedures

The organization conducting the inspection/assessment examine a sampling of the network infrastructure device configurations to ensure devices connecting to the infrastructure use cryptographically based bidirectional authentication. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1967.

Compelling Evidence

1.) Signed and dated documentation for use of cryptographically based bidirectional authentication. 2.) Applicable STIG/SRG checks.

The controls below (if any) were marked by NIST as being related to CCI-001967.