SI-4(10): Visibility of Encrypted Communications
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
- High
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- SI-4(10): Visibility Of Encrypted Communications
Control Statement
Make provisions so that [Assignment: organization-defined encrypted communications traffic] is visible to [Assignment: organization-defined system monitoring tools and mechanisms].
Supplemental Guidance
Organizations balance the need to encrypt communications traffic to protect data confidentiality with the need to maintain visibility into such traffic from a monitoring perspective. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.