SC-23(5): Allowed Certificate Authorities
CSF v1.1 References:
(Not part of any baseline)
- NIST Special Publication 800-53 Revision 4:
  - SC-23(5): Allowed Certificate Authorities
Only allow the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.
Reliance on certificate authorities for the establishment of secure sessions includes the use of Transport Layer Security (TLS) certificates. These certificates, after verification by their respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.
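One way to check and enforce this control on a TLS client is sketched below. It is an added example, not part of the control text. The function names, the fingerprint allow-list and the sample bundles are assumptions; the sample "certificates" are constructed placeholder bytes, so they exercise the audit path only, while `allowed_ca_context` needs real CA certificates to load.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def sha256_hex(der):
    """SHA-256 fingerprint (hex) of a certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()

def fingerprints(pem_bundle):
    """Fingerprint every certificate block found in a PEM trust bundle."""
    return [sha256_hex(ssl.PEM_cert_to_DER_cert(block))
            for block in PEM_BLOCK.findall(pem_bundle)]

def audit_bundle(pem_bundle, allowed):
    """Return (unexpected, missing) fingerprints relative to the allow-list."""
    found = fingerprints(pem_bundle)
    unexpected = [fp for fp in found if fp not in allowed]
    missing = sorted(set(allowed) - set(found))
    return unexpected, missing

def allowed_ca_context(pem_bundle, allowed):
    """Client context that trusts only allow-listed CAs; rejects extra anchors."""
    unexpected, _ = audit_bundle(pem_bundle, allowed)
    if unexpected:
        raise ValueError(f"CAs outside the allow-list: {unexpected}")
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking.
    # The context starts with an empty trust store: system CAs are not loaded.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cadata=pem_bundle)
    return ctx

# Constructed placeholder bytes standing in for DER certificates (not real certs).
ORG_ROOT = b"constructed placeholder: organization root CA"
ORG_ISSUING = b"constructed placeholder: organization issuing CA"
OTHER_CA = b"constructed placeholder: CA outside the organization list"

# Assumed form of the organization-defined list: SHA-256 fingerprints.
ALLOWED = {sha256_hex(ORG_ROOT), sha256_hex(ORG_ISSUING)}
CLEAN_BUNDLE = (ssl.DER_cert_to_PEM_cert(ORG_ROOT)
                + ssl.DER_cert_to_PEM_cert(ORG_ISSUING))
DRIFTED_BUNDLE = CLEAN_BUNDLE + ssl.DER_cert_to_PEM_cert(OTHER_CA)

if __name__ == "__main__":
    print("clean:  ", audit_bundle(CLEAN_BUNDLE, ALLOWED))
    print("drifted:", audit_bundle(DRIFTED_BUNDLE, ALLOWED))
```

Running the audit against the trust bundle a client actually ships detects drift from the organization-defined list before that bundle is used to verify a session.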