SC-23
SC-23: Session Authenticity
The information system protects the authenticity of communications sessions.
Supplemental
This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | low |
Availability | unknown |
Overlays |
---|
None |