SC-23 (5)
SC-23 (5): Allowed Certificate Authorities
The information system only allows the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.
Supplemental
Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of Secure Socket Layer (SSL) and/or Transport Layer Security (TLS) certificates. These certificates, after verification by the respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | low |
Availability | unknown |
Overlays |
---|
None |