SC-23(5): Allowed Certificate Authorities

Control Family:

System and Communications Protection

Parent Control:

SC-23: Session Authenticity

CSF v1.1 References:

PR.PT-4

Threats Addressed:

Spoofing
Tampering

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-23(5): Allowed Certificate Authorities

Control Statement

Only allow the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.

Supplemental Guidance

Reliance on certificate authorities for the establishment of secure sessions includes the use of Transport Layer Security (TLS) certificates. These certificates, after verification by their respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5