Navigate

CCI-002470

CCI-002470 Definition

Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if only the use of [SC-23(05)_ODP; certificate authorities to be allowed for verification of the establishment of protected sessions are defined] for verification of the establishment of protected sessions is allowed.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing session authenticity; system design documentation; system configuration settings and associated documentation; list of certificate authorities allowed for verification of the establishment of protected sessions; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the management of certificate authorities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002470.

Control	Description
SC-23(5)	Only allow the use of [certificate authorities to be allowed for verification of the establishment of protected sessions are defined;] for verification of the establishment of protected sessions.