Navigate

CCI-002469

CCI-002469 Definition

Defines the certificate authorities allowed to be used for verification of the establishment of protected sessions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if only the use of [SC-23(05)_ODP; certificate authorities to be allowed for verification of the establishment of protected sessions are defined] for verification of the establishment of protected sessions is allowed.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing session authenticity; system design documentation; system configuration settings and associated documentation; list of certificate authorities allowed for verification of the establishment of protected sessions; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the management of certificate authorities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002469.

Control	Description
SC-23(5)	Only allow the use of [certificate authorities to be allowed for verification of the establishment of protected sessions are defined;] for verification of the establishment of protected sessions.