SC-23(5): Allowed Certificate Authorities
CSF v1.1 References:
(Not part of any baseline)
- NIST Special Publication 800-53 Revision 5:
- SC-23(5): Allowed Certificate Authorities
The information system only allows the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.
Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of Secure Socket Layer (SSL) and/or Transport Layer Security (TLS) certificates. These certificates, after verification by the respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.