AC-17(2): Protection of Confidentiality and Integrity Using Encryption

Control Family:

Access Control

Parent Control:

AC-17: Remote Access

CSF v1.1 References:

PR.AC-3
PR.PT-4

Threats Addressed:

Tampering
Information Disclosure

Baselines:

Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-17(2): Protection Of Confidentiality / Integrity Using Encryption

Control Statement

Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

Supplemental Guidance

Virtual private networks can be used to protect the confidentiality and integrity of remote access sessions. Transport Layer Security (TLS) is an example of a cryptographic protocol that provides end-to-end communications security over networks and is used for Internet communications and online transactions.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 8