SI-4(10): Visibility Of Encrypted Communications

Control Family:

System And Information Integrity

Parent Control:

SI-4: Information System Monitoring

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-4(10): Visibility of Encrypted Communications

Control Statement

The organization makes provisions so that [Assignment: organization-defined encrypted communications traffic] is visible to [Assignment: organization-defined information system monitoring tools].

Supplemental Guidance

Organizations balance the potentially conflicting needs for encrypting communications traffic and for having insight into such traffic from a monitoring perspective. For some organizations, the need to ensure the confidentiality of communications traffic is paramount; for others, mission-assurance is of greater concern. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.