Navigate

SI-4(10)

SI-4(10): Visibility of Encrypted Communications

Make provisions so that [encrypted communications traffic to be made visible to system monitoring tools and mechanisms is defined;] is visible to [system monitoring tools and mechanisms to be provided access to encrypted communications traffic are defined;].

Supplemental

Organizations balance the need to encrypt communications traffic to protect data confidentiality with the need to maintain visibility into such traffic from a monitoring perspective. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.

CIA Levels
Confidentiality	moderate
Integrity	moderate
Availability	moderate

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4(10).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-4(10).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4(10).

CCI	Definition
CCI-002665	Defines the encrypted communications traffic that is to be visible to organization-defined system monitoring tools.
CCI-002666	Defines the system monitoring tools that will have visibility into organization-defined encrypted communications traffic.
CCI-002667	Make provisions so that organization-defined encrypted communications traffic is visible to organization-defined system monitoring tools.
CCI-004977	Defines the encrypted communications traffic that is to be visible to organization-defined system monitoring mechanisms.
CCI-004978	Defines the system monitoring mechanisms that will have visibility into organization-defined encrypted communications traffic.
CCI-004979	Make provisions so that organization-defined encrypted communications traffic is visible to organization-defined system monitoring mechanisms.