Navigate

SI-4 (10)

SI-4 (10): Visibility Of Encrypted Communications

The organization makes provisions so that [Assignment: organization-defined encrypted communications traffic] is visible to [Assignment: organization-defined information system monitoring tools].

Supplemental

Organizations balance the potentially conflicting needs for encrypting communications traffic and for having insight into such traffic from a monitoring perspective. For some organizations, the need to ensure the confidentiality of communications traffic is paramount; for others, mission-assurance is of greater concern. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.

CIA Levels
Confidentiality	moderate
Integrity	moderate
Availability	moderate

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4 (10).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-4 (10).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4 (10).

CCI	Definition
CCI-002665	The organization defines the encrypted communications traffic that is to be visible to organization-defined information system monitoring tools.
CCI-002666	The organization defines the information system monitoring tools that will have visibility into organization-defined encrypted communications traffic.
CCI-002667	The organization makes provisions so that organization-defined encrypted communications traffic is visible to organization-defined information system monitoring tools.