Navigate

SC-23(5)

SC-23(5): Allowed Certificate Authorities

The information system only allows the use of [one of ] for verification of the establishment of protected sessions.

Supplemental

Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of Secure Socket Layer (SSL) and/or Transport Layer Security (TLS) certificates. These certificates, after verification by the respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

CIA Levels
Confidentiality	unknown
Integrity	low
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-23(5).

Control	Description
SC-13	The information system implements [one of ] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Enhancements

The controls below (if any) add on to the requirements of SC-23(5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-23(5).

CCI	Definition
CCI-002469	Defines the certificate authorities allowed to be used for verification of the establishment of protected sessions.
CCI-002470	Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.