Navigate

SC-23(5)

SC-23(5): Allowed Certificate Authorities

Only allow the use of [certificate authorities to be allowed for verification of the establishment of protected sessions are defined;] for verification of the establishment of protected sessions.

Supplemental

Reliance on certificate authorities for the establishment of secure sessions includes the use of Transport Layer Security (TLS) certificates. These certificates, after verification by their respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

CIA Levels
Confidentiality	unknown
Integrity	low
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-23(5).

Control	Description
SC-12	Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [requirements for key generation, distribution, storage, access, and destruction are defined;].
SC-13	a: Determine the [cryptographic uses are defined;] ; and b: Implement the following types of cryptography required for each specified cryptographic use: [types of cryptography for each specified cryptographic use are defined;].

Enhancements

The controls below (if any) add on to the requirements of SC-23(5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-23(5).

CCI	Definition
CCI-002469	Defines the certificate authorities allowed to be used for verification of the establishment of protected sessions.
CCI-002470	Only allow the use of organization-defined certificate authorities for verification of the establishment of protected sessions.